71313eff23b29c4e3f2820a0a4198e976d952943369677cdde0634b832e7c5b4

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9827dfd7e331a7a56a2452c12043b0c4_JaffaCakes118.exe
Size

1.8MB
MD5

9827dfd7e331a7a56a2452c12043b0c4
SHA1

561af7a190a427d65d8b297aa6bb7a696d59c963
SHA256

71313eff23b29c4e3f2820a0a4198e976d952943369677cdde0634b832e7c5b4
SHA512

dd49c2642b02b3c171de9073ab3d138542fcac09f055e1a619f280b2bb724c37bd572ce810a86f83ca67ecc125488af483cc0b47bc3dfb82b1b402500d94d86a
SSDEEP

24576:0PIR4nvIiX7CqLcepYkgwxbCaxVfDf/bHueaC8DcrJzxGGF8aXW27IYODOhdlIPg:0PzF8O+57s5TYniy4gF9/yZ9rRhiGGR6

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	9827dfd7e331a7a56a2452c12043b0c4_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	9827dfd7e331a7a56a2452c12043b0c4_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	9827dfd7e331a7a56a2452c12043b0c4_JaffaCakes118.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30D90991-A7B5-523E-AE3B-30B1EED5D661}	9827dfd7e331a7a56a2452c12043b0c4_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30D90991-A7B5-523E-AE3B-30B1EED5D661}\ = "Outlook CalendarView"	9827dfd7e331a7a56a2452c12043b0c4_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1924	9827dfd7e331a7a56a2452c12043b0c4_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1924	9827dfd7e331a7a56a2452c12043b0c4_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1924	9827dfd7e331a7a56a2452c12043b0c4_JaffaCakes118.exe
1924	9827dfd7e331a7a56a2452c12043b0c4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\9827dfd7e331a7a56a2452c12043b0c4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9827dfd7e331a7a56a2452c12043b0c4_JaffaCakes118.exe"
1⤵
- Checks BIOS information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1924-0-0x0000000000400000-0x0000000000620000-memory.dmp

Filesize
2.1MB

Download
memory/1924-1-0x0000000002200000-0x000000000235A000-memory.dmp

Filesize
1.4MB

Download
memory/1924-8-0x0000000002200000-0x000000000235A000-memory.dmp

Filesize
1.4MB

Download
memory/1924-10-0x0000000000400000-0x0000000000620000-memory.dmp

Filesize
2.1MB

Download
memory/1924-13-0x0000000000400000-0x0000000000620000-memory.dmp

Filesize
2.1MB

Download
memory/1924-14-0x0000000002200000-0x000000000235A000-memory.dmp

Filesize
1.4MB

Download
memory/1924-12-0x0000000000400000-0x0000000000620000-memory.dmp

Filesize
2.1MB

Download
memory/1924-11-0x0000000000400000-0x0000000000620000-memory.dmp

Filesize
2.1MB

Download
memory/1924-17-0x0000000002200000-0x000000000235A000-memory.dmp

Filesize
1.4MB

Download
memory/1924-22-0x0000000000400000-0x0000000000620000-memory.dmp

Filesize
2.1MB

Download
memory/1924-24-0x0000000002200000-0x000000000235A000-memory.dmp

Filesize
1.4MB

Download