Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 08:24
Behavioral task
behavioral1
Sample
a49d4eda9951b72159688d62f03b8e68_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
a49d4eda9951b72159688d62f03b8e68_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target: a49d4eda9951b72159688d62f03b8e68_JaffaCakes118.exe
Size: 283KB
MD5: a49d4eda9951b72159688d62f03b8e68
SHA1: 09cf5b6b052c7310d0b5ac6112e4d66ac89cfaf7
SHA256: 135c085e065014ac3bf51cc616ba5416c750ef700c5e162ca642041e9b092aac
SHA512: 1f936ef93ed49472358de1e92298ac0f8fc896fdb94c3ccfc99e8621c91ba0add2249836b98739fd0c19c795a59c351f9b832e506473b10828e3c45a80e2c654
SSDEEP: 6144:bs3HCOzVY2mffDno60Bt2bh45oqnOCZsFc1ScJbpizDHr3GlBBwPoS994:w37zVDSrn2eh4XxsF+pJVizX3GlBOPo5
Malware Config
Signatures
Processes:
resource yara_rule
behavioral1/memory/1200-0-0x0000000000400000-0x00000000008C1000-memory.dmp upx
behavioral1/memory/1200-1-0x0000000000400000-0x00000000008C1000-memory.dmp upx
behavioral1/memory/1200-40-0x0000000000400000-0x00000000008C1000-memory.dmp upx
behavioral1/memory/1200-41-0x0000000000400000-0x00000000008C1000-memory.dmp upx
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes:
a49d4eda9951b72159688d62f03b8e68_JaffaCakes118.exe
description ioc process
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main a49d4eda9951b72159688d62f03b8e68_JaffaCakes118.exe
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch a49d4eda9951b72159688d62f03b8e68_JaffaCakes118.exe
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" a49d4eda9951b72159688d62f03b8e68_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
a49d4eda9951b72159688d62f03b8e68_JaffaCakes118.exe
pid process
1200 a49d4eda9951b72159688d62f03b8e68_JaffaCakes118.exe
1200 a49d4eda9951b72159688d62f03b8e68_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\errorPageStrings[1]
Filesize: 2KB
MD5: e3e4a98353f119b80b323302f26b78fa
SHA1: 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256: 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512: d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee