7a8bbc7e610a2289e5d1c2f89d74b532de9e45f27efe65550b7c4c7ca4ef28ad

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 10:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe
Size

316KB
MD5

8a32c9e8b00ec3cc796ba3450b55f38d
SHA1

4a0fc6283e34828344bc010393b817bb82245aa6
SHA256

7a8bbc7e610a2289e5d1c2f89d74b532de9e45f27efe65550b7c4c7ca4ef28ad
SHA512

e86c6c5541ca298f13f7a78cd39ad4b43e6e4ca02546654522da812c9714966e9855c2b990e84e82898b17bd3bdeaf5ceb67b556ec06ce80016e728a55fe29ef
SSDEEP

6144:b6y579pvPxVELbii5bkgVuN+xSKV7Wkrsf7LskTYz7wucA0oz:uy579hJOXikbkgaISKVE6dcLg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2996	7FBBF98F-7704-467B-A23F-557E1BB18877.exe

Loads dropped DLL 6 IoCs

pid	Process
2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe
2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe
2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe
2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe
2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe
2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2996	2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe	28
PID 2356 wrote to memory of 2996	2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe	28
PID 2356 wrote to memory of 2996	2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe	28
PID 2356 wrote to memory of 2996	2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe	28
PID 2356 wrote to memory of 2684	2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe	30
PID 2356 wrote to memory of 2684	2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe	30
PID 2356 wrote to memory of 2684	2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe	30
PID 2356 wrote to memory of 2684	2356	8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8a32c9e8b00ec3cc796ba3450b55f38d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\ab74fbd5-3289-48c9-b0e8-a88444a64e2e\7FBBF98F-7704-467B-A23F-557E1BB18877.exe
  "C:\Users\Admin\AppData\Local\Temp\ab74fbd5-3289-48c9-b0e8-a88444a64e2e\7FBBF98F-7704-467B-A23F-557E1BB18877.exe" -y -p7F8879AE-C236-41D2-80F9-F0D1780C89BC
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\SysWOW64\mshta.exe
  "C:\Windows\System32\mshta.exe" C:\Users\Admin\AppData\Local\Temp\ab74fbd5-3289-48c9-b0e8-a88444a64e2e\start.hta
  2⤵
  - Modifies Internet Explorer settings
  PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ab74fbd5-3289-48c9-b0e8-a88444a64e2e\lib90823.dll

Filesize
122KB

MD5
940963a88f95e1a88fcd43ac13fe7a18

SHA1
3aecd3fd9d9ce61838ee10d5d6bda494bae654de

SHA256
05e87d488a6a15911268d1b8aedea5f1c6ac5653cdcd4c0384301efe75872358

SHA512
13fbc7d6ef820424bf98e19176103e7ec5c2995aaeb1dc75aefffd96a755aaf3766e9f6e4c623574675876d9ddb869546189da63e224d39da053a3389d764a67

Download Submit
C:\Users\Admin\AppData\Local\Temp\ab74fbd5-3289-48c9-b0e8-a88444a64e2e\loader.gif

Filesize
1KB

MD5
e88ebd85dd56110ac6ea93fe0922988e

SHA1
684a31d864d33ff736234c41ac4e8d2c7f90d5ae

SHA256
379d1b0948f8e06366e7bcd197c848c0cc783787792f2224f98c16b974d920eb

SHA512
211b0760c9a887fc13c479617daeb6d5b6ee0ccd06c214967abd3e1f14204f72e34a6dd5eb778a9fc6ac7fc8bd63bdef80b347abab97becda16924cb3e164dc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ab74fbd5-3289-48c9-b0e8-a88444a64e2e\start.hta

Filesize
1KB

MD5
9bbdda852677117290a7a3f130638079

SHA1
48390e93abf77599ae64023160cb8ae143189777

SHA256
6e8fcc04c8bf6e07448f7bd47cb304f374873045355b66e160db965ca9685f34

SHA512
1d94b9074ac16cc84b76209a258313282437019838c6b759f8e1c9a665ea104b1e5d197c42b5896b4d89fe7087501017d13a5912272084592c5a218dc635aaa9

Download Submit
\Users\Admin\AppData\Local\Temp\ab74fbd5-3289-48c9-b0e8-a88444a64e2e\7FBBF98F-7704-467B-A23F-557E1BB18877.exe

Filesize
204KB

MD5
a7c0c1e2c985b41de1f2521b6114d966

SHA1
69da91f7f6193d53ceae50777e2d99636325e08a

SHA256
98e4bf78e2bbb609057063c95802aa5290c56729d6bc7f4b9817041b1a5483de

SHA512
6a8a7152e76d24bb7c9b2032d43e9cbb6d8fc791f83c03257ff5016efee4dd7fc761a3bc591b36cd3fe6ce749fe8ccffcc3c571d1273a94fcb3fb136236c01c8

Download Submit