Analysis
-
max time kernel
142s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
14-06-2024 00:43
General
-
Target
a75e132050f5c7058f0c2ed5a655b40d_JaffaCakes118.exe
-
Size
1.1MB
-
MD5
a75e132050f5c7058f0c2ed5a655b40d
-
SHA1
c4a4a30716588927ebc443ea31445fad043f96f6
-
SHA256
c67114225515ae14a3c8b1c0ae81ee6ef418279b5d7a751266df6b58cecbcf31
-
SHA512
4f19b573e9ad1f3b506467c3745caa91d2f0ac3400375301fb9d1e33db25c941f85aea182752221433f185fc374adcaf7b013cb0a10bd2309ccf1ab647099bda
-
SSDEEP
12288:/sM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQ6:EV4W8hqBYgnBLfVqx1WjkH
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 37 IoCs
-
Modifies Internet Explorer start page 1 TTPs 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a75e132050f5c7058f0c2ed5a655b40d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a75e132050f5c7058f0c2ed5a655b40d_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3600 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
471B
MD5687cdb0eea2dfeceaa4a040cf3a968c4
SHA15d295464506c340d08aef94d9b97aaa985c4356c
SHA2568a8db8d7e0e0fec7a89e599fd742586ec2ffc6dc999ffd150a375548f32332a5
SHA512707ca7968046b8999cb0b7742bf86894b639d8d5c27be7233a222e8a14375dccfb30e65df54fd7b8f9bfdbb7f917fc7ef27fb0fc2e9a4b41e9884b38ec432a5b
-
Filesize
404B
MD58e318862cc424a08e5e0bad3a64f46fd
SHA1395779e13b231107ff3d28f03e3a3b17212cb07f
SHA25606966bff4d36803523070b5c1bd46c771b934744634cf9a7157a2ea8af519cf4
SHA51233b5124fe68c8d755087048ae1f04e8f7fb063033796da04f94e8c96e459277a64c738415dd83ada9d672fc1a060a99bf93509e4298089545fdeeda2302d2832
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee