Analysis Overview
SHA256
559d87ca5367eac152b1a179e44de6dd1e07b8dbaeaaf9cd3823e5601a0381d1
Threat Level: Shows suspicious behavior
The file a5e253bea590628a79f279952d774138_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Drops Chrome extension
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:53
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:53
Reported
2024-06-13 13:55
Platform
win7-20240221-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0a4b2514\vxKjVI3i.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5e253bea590628a79f279952d774138_JaffaCakes118.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcgfamhbionkbpcapdgknaecfcjlmjgk\5.14\manifest.json | C:\Users\Admin\AppData\Local\Temp\0a4b2514\vxKjVI3i.exe | N/A |
| File created | C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcgfamhbionkbpcapdgknaecfcjlmjgk\5.14\manifest.json | C:\Users\Admin\AppData\Local\Temp\0a4b2514\vxKjVI3i.exe | N/A |
| File created | C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcgfamhbionkbpcapdgknaecfcjlmjgk\5.14\manifest.json | C:\Users\Admin\AppData\Local\Temp\0a4b2514\vxKjVI3i.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2524 wrote to memory of 2740 | N/A | C:\Users\Admin\AppData\Local\Temp\a5e253bea590628a79f279952d774138_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\0a4b2514\vxKjVI3i.exe |
| PID 2524 wrote to memory of 2740 | N/A | C:\Users\Admin\AppData\Local\Temp\a5e253bea590628a79f279952d774138_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\0a4b2514\vxKjVI3i.exe |
| PID 2524 wrote to memory of 2740 | N/A | C:\Users\Admin\AppData\Local\Temp\a5e253bea590628a79f279952d774138_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\0a4b2514\vxKjVI3i.exe |
| PID 2524 wrote to memory of 2740 | N/A | C:\Users\Admin\AppData\Local\Temp\a5e253bea590628a79f279952d774138_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\0a4b2514\vxKjVI3i.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\a5e253bea590628a79f279952d774138_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a5e253bea590628a79f279952d774138_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\0a4b2514\vxKjVI3i.exe
"C:\Users\Admin\AppData\Local\Temp/0a4b2514/vxKjVI3i.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\0a4b2514\vxKjVI3i.exe
| MD5 | 0920b67a31662468e9eafdb6d9bc0f72 |
| SHA1 | 3ca4031563a9844ff9d10d745d5365a902f556f8 |
| SHA256 | 70ff83a4291e85aeac5037e92e8d743fbd63ed8d3dd72f436e0400e341f7ca65 |
| SHA512 | a8c0022e13f55a62d7f2b9e186aa67d2dcb4636faf6c8a5afcddf7c28aaa87c87d1bb7e64abbeb75c0c065fec7c41ebd4792f6405e4563303ffa51d79b7f41ea |
C:\Users\Admin\AppData\Local\Temp\0a4b2514\vxKjVI3i.dat
| MD5 | 30970d73f6b8ddec17d1eb0edecf0dcd |
| SHA1 | 8c3cc046d2074504b4122670845c945c074315dc |
| SHA256 | fae332f73966df6488a2ba33d8792ee59b780866ae89fd204acb54efbdb1f2d6 |
| SHA512 | a77c4cfdb672630dd674da3ee38d19c5323ac8f376c10a7af4a39928450a76111451dda2fbdb0ed1050be54a60c793b8a8293cef7f01dcc19bc0350c2115dc0e |
C:\Users\Admin\AppData\Local\Temp\0a4b2514\bcgfamhbionkbpcapdgknaecfcjlmjgk\background.html
| MD5 | 84b8fec6b3d29df13fdfa2003016ba2b |
| SHA1 | 67952ed5773745eea36b248fb50b342e374ee929 |
| SHA256 | 95597245bc0d71aa8a87c2131fc8fa1df8e799f4be63e6cc030b7ae3d73b4b7e |
| SHA512 | 463a2eae5b4be9bcb183194b10272bf9401d33608b36fd254239e23805651b16e3168a7ac43a3e0d8bafaf79ad7df3c4f870e5eeb4ca88f02dba69282b9a867c |
C:\Users\Admin\AppData\Local\Temp\0a4b2514\bcgfamhbionkbpcapdgknaecfcjlmjgk\content.js
| MD5 | dbd727a2a1d1df3aed6c5405a5c977e5 |
| SHA1 | fde242f7daf8244f6374c1a11938de97afb34434 |
| SHA256 | f64806e6e773bad1b7106ef9f77a0de517d4052843eeb55efb86d24eaa99803d |
| SHA512 | 2dc899b240bdb82a4e6db8edb7bd655623d67fbbc43927da15af5bfcae5a5a4de3cd292047a4e77b8850ee9fce37aee639b3a7c14ee7d663d4f400584bd556f6 |
C:\Users\Admin\AppData\Local\Temp\0a4b2514\bcgfamhbionkbpcapdgknaecfcjlmjgk\lsdb.js
| MD5 | cbda098bd1697f1905b3f775e01a3546 |
| SHA1 | 91f4421ef14d80f81765796d154b4ca9ad708bb3 |
| SHA256 | 85b308b1824950c417466900fd4907b44cdc9ca24bda04fca39d760f3f1aad81 |
| SHA512 | b0aaff934ee39578aef92d10767d04eb0a8d9967518757161cfab7058984cd7b203eea563ebc21fbdb0e609e32e668149a72f3612fe316f5e017b77adc1f23f2 |
C:\Users\Admin\AppData\Local\Temp\0a4b2514\bcgfamhbionkbpcapdgknaecfcjlmjgk\manifest.json
| MD5 | a43145217bd7cf15cc6af7e5fc2b3312 |
| SHA1 | 0589c6ae194583de25b9629f918be65f458a2160 |
| SHA256 | 98bf341a7b139a21ff4640d195050d5e1830802129fa0e6ae3f9979b0b3c6337 |
| SHA512 | a405a10b986dc789da23518ced983ed1b549d45b2ffeef2bed0c36786d6f85444b79e2e094567a7894817bab820999aca79886fdec99241f0d96ba8f7913d869 |
C:\Users\Admin\AppData\Local\Temp\0a4b2514\bcgfamhbionkbpcapdgknaecfcjlmjgk\VgYX3CZjD.js
| MD5 | a2ca2155cb59a9872a4d5e875189295d |
| SHA1 | 18ffed0af892f38000147251d262ff7d414c8ed3 |
| SHA256 | 1c1372e520d90eaac2efd4949558f6729355ea96e7be53a4074a87c8e84ecd2a |
| SHA512 | 46adedb1633d1ddda82af09a849673924e39f06743a4df92c3c70456864aba920113909e6d46d506d4067b88ea8221ac5c3fee624cbca24c0c6b701ae2528046 |
C:\Users\Admin\AppData\Local\Temp\0a4b2514\[email protected]\chrome.manifest
| MD5 | f78726514ecfbe04ebd2730cab30e2ff |
| SHA1 | 34c2d3acb433b4091677cf59b912f4272dc4b9a9 |
| SHA256 | 22e17e79366c1351a0b1dc1f0eb35d55e6bc750250f6aa173ed0d6e31ef5c8e1 |
| SHA512 | 2862a86593a0bd6adf364c87e4cb6402bc40e0bb8835ef4765ecb74cf606aa6fa35f6963404d19c670b8c0a315b72219ee18e72be7335884707118d8e0513184 |
C:\Users\Admin\AppData\Local\Temp\0a4b2514\[email protected]\bootstrap.js
| MD5 | df13f711e20e9c80171846d4f2f7ae06 |
| SHA1 | 56d29cda58427efe0e21d3880d39eb1b0ef60bee |
| SHA256 | 6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4 |
| SHA512 | 6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e |
C:\Users\Admin\AppData\Local\Temp\0a4b2514\[email protected]\install.rdf
| MD5 | a33d7124d5e6b12b531823696d7f521a |
| SHA1 | 8e10906089049f2143653b6f2a38fc90a1282acd |
| SHA256 | 1d1cfeb7a3b6891dcee420c1f139bbaa860de708b27819f3f9e11eabe117e131 |
| SHA512 | 4f73324bf7bbe33feac473d16d01b8281f2604b693868d6492ffd0d575687c48ea5f5e4df6ba44c85d5505bff32d0ad8aa4ba515ba68f66dca875e5107f9d8cf |
C:\Users\Admin\AppData\Local\Temp\0a4b2514\[email protected]\content\bg.js
| MD5 | 6c6ef6ae926454b89a62f13e85406c84 |
| SHA1 | 21cfff87473223fdb0ba1fd1d040e087c992c77b |
| SHA256 | fa8ad1c11729ebb4e82fcef4c0bd472e78fa12140a4ce72304fd5256c8a5d031 |
| SHA512 | 09c0187de821224c61db7778537d794abbdf8c161d781a5f98cb0480afbb07b29bb6271a3dcdb0e58611489fcfd6c06324f4284bfdb364b200510f6bb83d8fb9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:53
Reported
2024-06-13 13:55
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
51s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\290e71f3\vxKjVI3i.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcgfamhbionkbpcapdgknaecfcjlmjgk\5.14\manifest.json | C:\Users\Admin\AppData\Local\Temp\290e71f3\vxKjVI3i.exe | N/A |
| File created | C:\Users\WDAGUtilityAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcgfamhbionkbpcapdgknaecfcjlmjgk\5.14\manifest.json | C:\Users\Admin\AppData\Local\Temp\290e71f3\vxKjVI3i.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcgfamhbionkbpcapdgknaecfcjlmjgk\5.14\manifest.json | C:\Users\Admin\AppData\Local\Temp\290e71f3\vxKjVI3i.exe | N/A |
| File created | C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcgfamhbionkbpcapdgknaecfcjlmjgk\5.14\manifest.json | C:\Users\Admin\AppData\Local\Temp\290e71f3\vxKjVI3i.exe | N/A |
| File created | C:\Users\DefaultAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcgfamhbionkbpcapdgknaecfcjlmjgk\5.14\manifest.json | C:\Users\Admin\AppData\Local\Temp\290e71f3\vxKjVI3i.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1980 wrote to memory of 2320 | N/A | C:\Users\Admin\AppData\Local\Temp\a5e253bea590628a79f279952d774138_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\290e71f3\vxKjVI3i.exe |
| PID 1980 wrote to memory of 2320 | N/A | C:\Users\Admin\AppData\Local\Temp\a5e253bea590628a79f279952d774138_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\290e71f3\vxKjVI3i.exe |
| PID 1980 wrote to memory of 2320 | N/A | C:\Users\Admin\AppData\Local\Temp\a5e253bea590628a79f279952d774138_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\290e71f3\vxKjVI3i.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\a5e253bea590628a79f279952d774138_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a5e253bea590628a79f279952d774138_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\290e71f3\vxKjVI3i.exe
"C:\Users\Admin\AppData\Local\Temp/290e71f3/vxKjVI3i.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\290e71f3\vxKjVI3i.exe
| MD5 | 0920b67a31662468e9eafdb6d9bc0f72 |
| SHA1 | 3ca4031563a9844ff9d10d745d5365a902f556f8 |
| SHA256 | 70ff83a4291e85aeac5037e92e8d743fbd63ed8d3dd72f436e0400e341f7ca65 |
| SHA512 | a8c0022e13f55a62d7f2b9e186aa67d2dcb4636faf6c8a5afcddf7c28aaa87c87d1bb7e64abbeb75c0c065fec7c41ebd4792f6405e4563303ffa51d79b7f41ea |
C:\Users\Admin\AppData\Local\Temp\290e71f3\vxKjVI3i.dat
| MD5 | 30970d73f6b8ddec17d1eb0edecf0dcd |
| SHA1 | 8c3cc046d2074504b4122670845c945c074315dc |
| SHA256 | fae332f73966df6488a2ba33d8792ee59b780866ae89fd204acb54efbdb1f2d6 |
| SHA512 | a77c4cfdb672630dd674da3ee38d19c5323ac8f376c10a7af4a39928450a76111451dda2fbdb0ed1050be54a60c793b8a8293cef7f01dcc19bc0350c2115dc0e |
C:\Users\Admin\AppData\Local\Temp\290e71f3\bcgfamhbionkbpcapdgknaecfcjlmjgk\background.html
| MD5 | 84b8fec6b3d29df13fdfa2003016ba2b |
| SHA1 | 67952ed5773745eea36b248fb50b342e374ee929 |
| SHA256 | 95597245bc0d71aa8a87c2131fc8fa1df8e799f4be63e6cc030b7ae3d73b4b7e |
| SHA512 | 463a2eae5b4be9bcb183194b10272bf9401d33608b36fd254239e23805651b16e3168a7ac43a3e0d8bafaf79ad7df3c4f870e5eeb4ca88f02dba69282b9a867c |
C:\Users\Admin\AppData\Local\Temp\290e71f3\bcgfamhbionkbpcapdgknaecfcjlmjgk\content.js
| MD5 | dbd727a2a1d1df3aed6c5405a5c977e5 |
| SHA1 | fde242f7daf8244f6374c1a11938de97afb34434 |
| SHA256 | f64806e6e773bad1b7106ef9f77a0de517d4052843eeb55efb86d24eaa99803d |
| SHA512 | 2dc899b240bdb82a4e6db8edb7bd655623d67fbbc43927da15af5bfcae5a5a4de3cd292047a4e77b8850ee9fce37aee639b3a7c14ee7d663d4f400584bd556f6 |
C:\Users\Admin\AppData\Local\Temp\290e71f3\bcgfamhbionkbpcapdgknaecfcjlmjgk\lsdb.js
| MD5 | cbda098bd1697f1905b3f775e01a3546 |
| SHA1 | 91f4421ef14d80f81765796d154b4ca9ad708bb3 |
| SHA256 | 85b308b1824950c417466900fd4907b44cdc9ca24bda04fca39d760f3f1aad81 |
| SHA512 | b0aaff934ee39578aef92d10767d04eb0a8d9967518757161cfab7058984cd7b203eea563ebc21fbdb0e609e32e668149a72f3612fe316f5e017b77adc1f23f2 |
C:\Users\Admin\AppData\Local\Temp\290e71f3\bcgfamhbionkbpcapdgknaecfcjlmjgk\manifest.json
| MD5 | a43145217bd7cf15cc6af7e5fc2b3312 |
| SHA1 | 0589c6ae194583de25b9629f918be65f458a2160 |
| SHA256 | 98bf341a7b139a21ff4640d195050d5e1830802129fa0e6ae3f9979b0b3c6337 |
| SHA512 | a405a10b986dc789da23518ced983ed1b549d45b2ffeef2bed0c36786d6f85444b79e2e094567a7894817bab820999aca79886fdec99241f0d96ba8f7913d869 |
C:\Users\Admin\AppData\Local\Temp\290e71f3\bcgfamhbionkbpcapdgknaecfcjlmjgk\VgYX3CZjD.js
| MD5 | a2ca2155cb59a9872a4d5e875189295d |
| SHA1 | 18ffed0af892f38000147251d262ff7d414c8ed3 |
| SHA256 | 1c1372e520d90eaac2efd4949558f6729355ea96e7be53a4074a87c8e84ecd2a |
| SHA512 | 46adedb1633d1ddda82af09a849673924e39f06743a4df92c3c70456864aba920113909e6d46d506d4067b88ea8221ac5c3fee624cbca24c0c6b701ae2528046 |
C:\Users\Admin\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bcgfamhbionkbpcapdgknaecfcjlmjgk\5.14\VgYX3CZjD.js
| MD5 | e691afb65efe012047f19ac4e255dd75 |
| SHA1 | 561de0ef0e96b803772e11717f7566806b53fe13 |
| SHA256 | defd134facb984a3d519a5506b9497a57cebfa1b54aab0b54b6db75b34ad24d4 |
| SHA512 | 04d022ab54ffc0569117e8e910dffe4345c77dce1bf2faf681e627842d65f371240bedd117f53048903e833a75d8d78028f24ce23b2928eeffa63b2c94d4c4cd |
C:\Users\Admin\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bcgfamhbionkbpcapdgknaecfcjlmjgk\5.14\manifest.json
| MD5 | 6112c38d0d9a271ef0fc2c7d48c6b6af |
| SHA1 | 9f8bbe60dbd78699094c1b132bfa796180f959d0 |
| SHA256 | 7735cd372e59cc8010da46299e25b0d752a62c80951a76a7b12595aef4d8c181 |
| SHA512 | e46ff84d87570475259544ed5dd215e718eafde29ca57d7342acf5ec8a51b95213696fd6c849cf25d14f70cef290135ea159a4491940db47111fa15e937ac118 |
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bcgfamhbionkbpcapdgknaecfcjlmjgk\5.14\lsdb.js
| MD5 | 901bd51ae1704f55806d174122d5f0c9 |
| SHA1 | b72c4bf7a0e6b66fa5362171d3ac617900ee0435 |
| SHA256 | d0b1b323ff366f7520119d5814a207af93057bd9ce2b165267d73bca60b825b0 |
| SHA512 | 96e0f085a4ef2cbd7756d1d7ce1def3cde9bcfd33efdd69bfbff4d6aa31128218ecc459dfc8e7556c23254af92e29ff29983df83e214f08a0b49448d3c2b9309 |
C:\Users\Admin\AppData\Local\Temp\290e71f3\[email protected]\bootstrap.js
| MD5 | df13f711e20e9c80171846d4f2f7ae06 |
| SHA1 | 56d29cda58427efe0e21d3880d39eb1b0ef60bee |
| SHA256 | 6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4 |
| SHA512 | 6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e |
C:\Users\Admin\AppData\Local\Temp\290e71f3\[email protected]\content\bg.js
| MD5 | 6c6ef6ae926454b89a62f13e85406c84 |
| SHA1 | 21cfff87473223fdb0ba1fd1d040e087c992c77b |
| SHA256 | fa8ad1c11729ebb4e82fcef4c0bd472e78fa12140a4ce72304fd5256c8a5d031 |
| SHA512 | 09c0187de821224c61db7778537d794abbdf8c161d781a5f98cb0480afbb07b29bb6271a3dcdb0e58611489fcfd6c06324f4284bfdb364b200510f6bb83d8fb9 |
C:\Users\Admin\AppData\Local\Temp\290e71f3\[email protected]\chrome.manifest
| MD5 | f78726514ecfbe04ebd2730cab30e2ff |
| SHA1 | 34c2d3acb433b4091677cf59b912f4272dc4b9a9 |
| SHA256 | 22e17e79366c1351a0b1dc1f0eb35d55e6bc750250f6aa173ed0d6e31ef5c8e1 |
| SHA512 | 2862a86593a0bd6adf364c87e4cb6402bc40e0bb8835ef4765ecb74cf606aa6fa35f6963404d19c670b8c0a315b72219ee18e72be7335884707118d8e0513184 |
C:\Users\Admin\AppData\Local\Temp\290e71f3\[email protected]\install.rdf
| MD5 | a33d7124d5e6b12b531823696d7f521a |
| SHA1 | 8e10906089049f2143653b6f2a38fc90a1282acd |
| SHA256 | 1d1cfeb7a3b6891dcee420c1f139bbaa860de708b27819f3f9e11eabe117e131 |
| SHA512 | 4f73324bf7bbe33feac473d16d01b8281f2604b693868d6492ffd0d575687c48ea5f5e4df6ba44c85d5505bff32d0ad8aa4ba515ba68f66dca875e5107f9d8cf |