82f9edf54f265d98283d9fee2b8d88cb62cf55651fb8ff334ecb0131eb0b48ce

Analysis

max time kernel
133s
max time network
143s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 08:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

942549f035d0fb3b80b19f5355c2c5a8_JaffaCakes118.exe
Size

381KB
MD5

942549f035d0fb3b80b19f5355c2c5a8
SHA1

75d3ae83fa0fdc456d64ec0db8fd2fad1d434894
SHA256

82f9edf54f265d98283d9fee2b8d88cb62cf55651fb8ff334ecb0131eb0b48ce
SHA512

d50d6ac1a68159864e764965df9c3244b6920e5d3b4d07dd32b56bd48f6c9bc6e7f02e88f3ff80db73d56ae1aa44ad2b7353e99f2158fa21e2d96f2ca982ea15
SSDEEP

6144:bf5g6CEAyz5eNueaoG9eFsAiWAWQbx4a5Tk/Y/X:bq6JXz5esb1IFNxf7aWwX

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2484	942549f035d0fb3b80b19f5355c2c5a8_JaffaCakes118.exe
2484	942549f035d0fb3b80b19f5355c2c5a8_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	942549f035d0fb3b80b19f5355c2c5a8_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2484	942549f035d0fb3b80b19f5355c2c5a8_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2484	942549f035d0fb3b80b19f5355c2c5a8_JaffaCakes118.exe
2484	942549f035d0fb3b80b19f5355c2c5a8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\942549f035d0fb3b80b19f5355c2c5a8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\942549f035d0fb3b80b19f5355c2c5a8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\jki1999.tmp

Filesize
263KB

MD5
01eb38a98103445a310f6c535ac610c1

SHA1
2368c5303c22145c06c4fb21b5ba978cb8d45a8c

SHA256
14bb8b8f3cd9860d8ba610d1aa32448a09bb77e4677520973ce1a215d5517cc7

SHA512
58e4a0a2ebbf7feb572941e33bdb2e9d5f63737b1c2a5b2c0a6ab85925e43690007f64b074f8a17ee6525c7b892cbcb1cc2a63b1d76dc5aba5a5b873c8f1c16d

Download Submit
memory/2484-1-0x000000007496E000-0x000000007496F000-memory.dmp

Filesize
4KB

Download
memory/2484-5-0x0000000000360000-0x00000000003A6000-memory.dmp

Filesize
280KB

Download
memory/2484-6-0x0000000074960000-0x000000007504E000-memory.dmp

Filesize
6.9MB

Download
memory/2484-7-0x0000000074960000-0x000000007504E000-memory.dmp

Filesize
6.9MB

Download
memory/2484-8-0x0000000074960000-0x000000007504E000-memory.dmp

Filesize
6.9MB

Download
memory/2484-9-0x0000000074960000-0x000000007504E000-memory.dmp

Filesize
6.9MB

Download
memory/2484-15-0x000000000CDF0000-0x000000000D596000-memory.dmp

Filesize
7.6MB

Download
memory/2484-20-0x000000007496E000-0x000000007496F000-memory.dmp

Filesize
4KB

Download
memory/2484-21-0x0000000074960000-0x000000007504E000-memory.dmp

Filesize
6.9MB

Download
memory/2484-22-0x0000000074960000-0x000000007504E000-memory.dmp

Filesize
6.9MB

Download
memory/2484-23-0x0000000074960000-0x000000007504E000-memory.dmp

Filesize
6.9MB

Download