1093bb9b3496e4e944527622daf101055f6cec78cdca91433faee78eea446d79

Analysis

max time kernel
142s
max time network
140s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85e139570c294fc29251d1da65dfd5d6_JaffaCakes118.exe
Size

271KB
MD5

85e139570c294fc29251d1da65dfd5d6
SHA1

4f1e83b69c73acfc2c25964a95e897b146635545
SHA256

1093bb9b3496e4e944527622daf101055f6cec78cdca91433faee78eea446d79
SHA512

2bfd745926fd41128c5590b43faa847747e84be6b5cb73f8308f58aa071e7c19cf37227d152c1b458392f5599d7f587633afc2383caa8bef950d5c587e2ceba1
SSDEEP

6144:boHuXfi3s2s2ovMokgaECP60l4SGGvGGvGGvGGpZGQdYC:bMuXf4YMFECy0l4SGGvGGvGGvGGpB7

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1644	85e139570c294fc29251d1da65dfd5d6_JaffaCakes118.exe
1644	85e139570c294fc29251d1da65dfd5d6_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	85e139570c294fc29251d1da65dfd5d6_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1644	85e139570c294fc29251d1da65dfd5d6_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1644	85e139570c294fc29251d1da65dfd5d6_JaffaCakes118.exe
1644	85e139570c294fc29251d1da65dfd5d6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\85e139570c294fc29251d1da65dfd5d6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\85e139570c294fc29251d1da65dfd5d6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\dfs1094.tmp

Filesize
270KB

MD5
f10845feca86e67305db675710491a00

SHA1
d25e37be4023c4c04319a768875d53d614511c0f

SHA256
9b6fcb85833aa14585bb55d5f994112f34f460c490534e96c9ea187ac2edd714

SHA512
6a2971d229cd59ca40aaa31497452a40f192cf1804b14c44f7ed9fa55063d5fdcf247e6bff20cf1fc5531c23c52c46a18fb8b4264d09a83e7424e14f91828164

Download Submit
memory/1644-11-0x0000000074950000-0x000000007503E000-memory.dmp

Filesize
6.9MB

Download
memory/1644-18-0x000000000A9D0000-0x000000000B176000-memory.dmp

Filesize
7.6MB

Download
memory/1644-1-0x0000000000080000-0x0000000000083000-memory.dmp

Filesize
12KB

Download
memory/1644-7-0x0000000000330000-0x000000000037A000-memory.dmp

Filesize
296KB

Download
memory/1644-8-0x0000000000430000-0x000000000043C000-memory.dmp

Filesize
48KB

Download
memory/1644-9-0x0000000074950000-0x000000007503E000-memory.dmp

Filesize
6.9MB

Download
memory/1644-3-0x000000007495E000-0x000000007495F000-memory.dmp

Filesize
4KB

Download
memory/1644-10-0x0000000074950000-0x000000007503E000-memory.dmp

Filesize
6.9MB

Download
memory/1644-12-0x0000000074950000-0x000000007503E000-memory.dmp

Filesize
6.9MB

Download
memory/1644-0-0x0000000000DB0000-0x0000000000E43000-memory.dmp

Filesize
588KB

Download
memory/1644-23-0x0000000000DB0000-0x0000000000E43000-memory.dmp

Filesize
588KB

Download
memory/1644-24-0x000000007495E000-0x000000007495F000-memory.dmp

Filesize
4KB

Download
memory/1644-25-0x0000000074950000-0x000000007503E000-memory.dmp

Filesize
6.9MB

Download
memory/1644-26-0x0000000074950000-0x000000007503E000-memory.dmp

Filesize
6.9MB

Download
memory/1644-28-0x0000000074950000-0x000000007503E000-memory.dmp

Filesize
6.9MB

Download
memory/1644-29-0x0000000074950000-0x000000007503E000-memory.dmp

Filesize
6.9MB

Download