Analysis
max time kernel: 141s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/06/2024, 01:21
Behavioral task behavioral1
Sample: 9c8f02e6dae671ff523382f861905355_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: 9c8f02e6dae671ff523382f861905355_JaffaCakes118.exe
Resource: win10v2004-20240426-en
General
Target: 9c8f02e6dae671ff523382f861905355_JaffaCakes118.exe
Size: 816KB
MD5: 9c8f02e6dae671ff523382f861905355
SHA1: d936458c321b6fddedb90f35ddc3ce2bfcdd3025
SHA256: 1049f359c092c5ac01487f8d7a52f9bf3f16e3dbbad0ee686a5602fcdfde1eb7
SHA512: 7cd04c48ce245a437acc88c1d50b76bd4e9de16763dccde9ee4b610ec6ec52c1ec57d8bf667805b6befca111cac8abe229b3834aeb34f2f877c1a03515620648
SSDEEP: 12288:pAwPSrXW0jGsBP9Ht2HPgBWqGDBfHCXVLpeWFmfyJss3ikJIaQnwzptnc8xnjMp1:GWStgHPgvYtH1ZK2AJHz0OgXnwbELl
Malware Config
Signatures
yara_rule matches (resource -> rule):
behavioral2/memory/3304-0-0x0000000000A70000-0x0000000000CD7000-memory.dmp -> upx
behavioral2/memory/3304-8-0x0000000000A70000-0x0000000000CD7000-memory.dmp -> upx
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Modifies Internet Explorer settings 4 IoCs
description / ioc / Process:
Key created: \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (9c8f02e6dae671ff523382f861905355_JaffaCakes118.exe)
Set value (str): \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (9c8f02e6dae671ff523382f861905355_JaffaCakes118.exe)
Key created: \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\IESettingSync (9c8f02e6dae671ff523382f861905355_JaffaCakes118.exe)
Set value (int): \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" (9c8f02e6dae671ff523382f861905355_JaffaCakes118.exe)
Suspicious use of FindShellTrayWindow 1 IoCs
pid / Process: 3304 9c8f02e6dae671ff523382f861905355_JaffaCakes118.exe
Suspicious use of SendNotifyMessage 1 IoCs
pid / Process: 3304 9c8f02e6dae671ff523382f861905355_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 14 IoCs
pid / Process: 3304 9c8f02e6dae671ff523382f861905355_JaffaCakes118.exe (all 14 IoCs are this same process)
Processes
C:\Users\Admin\AppData\Local\Temp\9c8f02e6dae671ff523382f861905355_JaffaCakes118.exe
command line: "C:\Users\Admin\AppData\Local\Temp\9c8f02e6dae671ff523382f861905355_JaffaCakes118.exe"
PID: 3304
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 15KB
MD5: 60995d04e55f8d138cf5183e95942906
SHA1: d90f51dd6705b94d7d3915dad623f61a7654a410
SHA256: 05b3464493d500473e1370aafd8c0b8db1678bd38353237141997607caf5c132
SHA512: 3886ba8025d96b3ba1522def75b997aec503505c14ec3364bba93fa8a5509c792b44bc67a9afbfcc4af9047bad69ae7c9dfd61ec094079cf7ddf3838704af871