a4b2303fad411e18324cfd7f1788718d1f28a85977fe83b35ae00f7a6dabe02d

Analysis

max time kernel
130s
max time network
140s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1e7869cb622c083e05b0830bb559a52_JaffaCakes118.exe
Size

313KB
MD5

a1e7869cb622c083e05b0830bb559a52
SHA1

839a5051ff23266ece6af9303ad97f112de178d6
SHA256

a4b2303fad411e18324cfd7f1788718d1f28a85977fe83b35ae00f7a6dabe02d
SHA512

7e4fd9124904781d8353187845da43e6398e3da7278af40ed6a05f11ca693318de60d572d4f6a5a90cedcff8bc6df2bded03788e369b1743f97a6f4882032dd6
SSDEEP

6144:mV24jwnTGLyoE2fsAu6i6xgB1A/QXoCPk96zmLpYS:mV2mwnTyyoE2fsz6xgBu1C6

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
288	a1e7869cb622c083e05b0830bb559a52_JaffaCakes118.exe
288	a1e7869cb622c083e05b0830bb559a52_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	a1e7869cb622c083e05b0830bb559a52_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	288	a1e7869cb622c083e05b0830bb559a52_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
288	a1e7869cb622c083e05b0830bb559a52_JaffaCakes118.exe
288	a1e7869cb622c083e05b0830bb559a52_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a1e7869cb622c083e05b0830bb559a52_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a1e7869cb622c083e05b0830bb559a52_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\bhsCCD.tmp

Filesize
242KB

MD5
87eab94f6e6627bd2fd3170f95a2eed9

SHA1
2a97153c16443db59bb9887ac982293250ebdb1b

SHA256
a60c5b1d5cdddf7a08e1af8a58b7e0fe1d09b08e4938f61f207e149b30d6653c

SHA512
1697582fc05aa087c2a680020ca56fafb8af424be7cef3428b840c86594a18e6bc447e4ad8becc3f63c63c918763fdba8252c72c6b3855ba783a4800c7e2ab92

Download Submit
memory/288-7-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/288-3-0x0000000000300000-0x0000000000342000-memory.dmp

Filesize
264KB

Download
memory/288-4-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/288-5-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/288-6-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/288-0-0x000000007469E000-0x000000007469F000-memory.dmp

Filesize
4KB

Download
memory/288-10-0x000000000AA10000-0x000000000B1B6000-memory.dmp

Filesize
7.6MB

Download
memory/288-18-0x000000007469E000-0x000000007469F000-memory.dmp

Filesize
4KB

Download
memory/288-19-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/288-20-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/288-21-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/288-22-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download