Analysis Overview
SHA256
16e5c3b11d202d74cc723470ce9d68e9c166ebd1d4f7bac9ab782b910d17e2dc
Threat Level: Shows suspicious behavior
The file a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Drops Chrome extension
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-14 06:57
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 06:57
Reported
2024-06-14 06:59
Platform
win7-20240508-en
Max time kernel
122s
Max time network
122s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\liapedcpjfogjakipkplljngomamaiik\1.0\manifest.json | C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.exe
"C:\Users\Admin\AppData\Local\Temp/00294823/umypQ1hCsK.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.exe
C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.dat
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\background.html
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\content.js
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\DDoMwHVj8m_.js
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\lsdb.js
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\icon48.png
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\manifest.json
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\sqlite.js
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 06:57
Reported
2024-06-14 06:59
Platform
win10v2004-20240508-en
Max time kernel
143s
Max time network
149s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\liapedcpjfogjakipkplljngomamaiik\1.0\manifest.json | C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 4008 wrote to memory of 400 | N/A | C:\Users\Admin\AppData\Local\Temp\a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.exe |
| PID 4008 wrote to memory of 400 | N/A | C:\Users\Admin\AppData\Local\Temp\a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.exe |
| PID 4008 wrote to memory of 400 | N/A | C:\Users\Admin\AppData\Local\Temp\a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a86ba7b2d74e7d734c30d96d839fa093_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.exe
"C:\Users\Admin\AppData\Local\Temp/00294823/umypQ1hCsK.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4232,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.exe
C:\Users\Admin\AppData\Local\Temp\00294823\umypQ1hCsK.dat
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\icon48.png
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\DDoMwHVj8m_.js
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\content.js
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\background.html
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\lsdb.js
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\manifest.json
C:\Users\Admin\AppData\Local\Temp\00294823\liapedcpjfogjakipkplljngomamaiik\sqlite.js