Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    13/06/2024, 00:19

General

  • Target

    a31c7ac1d7d255d252963d58189b225a_JaffaCakes118.exe

  • Size

    4.2MB

  • MD5

    a31c7ac1d7d255d252963d58189b225a

  • SHA1

    e77493df404c629c8d5aea4df32ea3d3da566ecc

  • SHA256

    129dbfd7965d1c39f4d724d85f5beb36e5ab9f1c32234d3af4be905bd6278adb

  • SHA512

    632a847fe2fcb104e7adf69d9d44d3d39231ee95d44b21922aed7f08d19f7673a4d83e7d7b2036dccc4d2821a71856fbe1b0c0652c7ba20c807e21c48368d625

  • SSDEEP

    98304:eh7lpe9VT3xWC7cusXJNwBewxnvjo5qcoZLPhHMUZNp:of+VFW4MWB/i5qcoZLps8p

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a31c7ac1d7d255d252963d58189b225a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a31c7ac1d7d255d252963d58189b225a_JaffaCakes118.exe"
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2160

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\InstallTmp\Config.txt

    Filesize

    2KB

    MD5

    97e0900626e84a9c8a54325d2e71d056

    SHA1

    40accf98a478dfc4b4bdb1ada35a57095fb062ab

    SHA256

    6b181303ce57f62ecef04dcff7236d13637fa262428540747efe0ea3b5c461e9

    SHA512

    2ae036669647e380d1e3617f8f684a533f2afb868af7786464e68b8338743bb889031de562a5f4cfd88d4aa39639208b0007cc6299f551311f8d95f94b37c6d7

  • C:\Users\Admin\AppData\Local\Temp\InstallTmp\Readme.txt

    Filesize

    5KB

    MD5

    660283212989828403126967ca7af80e

    SHA1

    d2390fbf12c5692f3046a75fa6d10582831e06e3

    SHA256

    2b883de63e0b3e25a31ee2813a1e868c6733439167ad77ae46284699e286a8e0

    SHA512

    01d49226a00e4b7abce0843f30dcd3e5815146c3a444fc1f8b3ad462c2749e152084c5a994a6eb6cd4abb1b316680c0a3d78f5fecfc896dec5e9a9af39a90754

  • memory/2160-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

  • memory/2160-182-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

  • memory/2160-184-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB