83457d864193dfec35fa7ef8c1299de2049beb2ed2a7b987a7922f5842a3faad

Analysis

max time kernel
141s
max time network
128s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 09:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.exe
Size

6.2MB
MD5

adc4bdfae6cf1d6ead234855d9734e17
SHA1

879dc36297c03d2abe2604b6fc399c48f2cb3813
SHA256

83457d864193dfec35fa7ef8c1299de2049beb2ed2a7b987a7922f5842a3faad
SHA512

c3916b965dc4fd7325c81fed3bd849d25b72a1b12fc3c582802500a5ab916da4973c934a7d8bac0988187c6d502070694a03b121a3b9f79b58abfac27cd5b4fc
SSDEEP

196608:e3Jr33uJpjn5WZuJTzDPo9BrBmhqLwq94mdk2e:e5z3ubnouBDPwxkqjje

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\$wginstallertmp287\$wginstaller401	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp

Executes dropped EXE 1 IoCs

pid	Process
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp

Loads dropped DLL 10 IoCs

pid	Process
2208	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.exe
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
2568	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2568	2208	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.exe	28
PID 2208 wrote to memory of 2568	2208	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.exe	28
PID 2208 wrote to memory of 2568	2208	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.exe	28
PID 2208 wrote to memory of 2568	2208	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.exe	28
PID 2208 wrote to memory of 2568	2208	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.exe	28
PID 2208 wrote to memory of 2568	2208	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.exe	28
PID 2208 wrote to memory of 2568	2208	adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\is-LVRQC.tmp\adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-LVRQC.tmp\adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp" /SL5="$7011E,4866433,914432,C:\Users\Admin\AppData\Local\Temp\adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.exe"
  2⤵
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-LVRQC.tmp\adc4bdfae6cf1d6ead234855d9734e17_JaffaCakes118.tmp

Filesize
3.1MB

MD5
30abbc9416a9812cdb6fcfd313972fa2

SHA1
e52c5477684fe670596176df13757e91bad1bb41

SHA256
a8ed30af3c7b001430c177dcb13cc33e6245e15b23e9844711e4dff46122819b

SHA512
b4c0802840c1e8fded9d0e416191cc8d561e48f4688ce43f572107ac096f82d194d7e80e513e9cc4103c1ed810a28826da83321761180c25e479dd2a27d9a872

Download Submit
\Users\Admin\AppData\Local\Temp\is-P15P5.tmp\CallbackCtrl.dll

Filesize
11KB

MD5
8e504c752f130b74752e8cbb6286680f

SHA1
c5b2c17d48349b7c696c8d6bec8a2462c87d4e36

SHA256
f79ce2c6c0a4042325e92e9fc8132984ac145e31493492e7d9c1d5e88544199f

SHA512
13a0fa1b22fb1c0b336f1edccaf382c45f8f3b36b6002ce043435818a48a9a1dc98f647a85949daafc3609cffb821fb168469c80552305230f264a611ee38d91

Download Submit
\Users\Admin\AppData\Local\Temp\is-P15P5.tmp\InnoCallback.dll

Filesize
70KB

MD5
6a1e58c4cd79f796774879839e905819

SHA1
9a307f0548365666482ecfc47ef92370983af347

SHA256
80fc1da55964f5762af3b7e80639651cee78a19c140d6dd92d6c329f9e03c5d1

SHA512
0f16c23efd1e86cf67701b05ba02081d3293b8cd532a14f842cd0341a42382bd59456eba5233992621b979184cfd7b68731103bfe7f984abdf72e24222a23dd1

Download Submit
\Users\Admin\AppData\Local\Temp\is-P15P5.tmp\NetworkSupport.dll

Filesize
603KB

MD5
f8e0bf56f6898a3536b1538cc76c8a59

SHA1
4c27691d6c9ff6498214205ddbc5f3702d1b5ec9

SHA256
ff818443e5def37430031e52f6d3f80330848dd50e2cf08fa8a216128631ec91

SHA512
cf66b3bfc569a74b3ddc584d7186cb3fc62a2234a66603093374821b5e6215e021ed22f19840f7c56d8ab2758885814d48b930e41915bdf71ec4bd488c6bfe1b

Download Submit
\Users\Admin\AppData\Local\Temp\is-P15P5.tmp\VclStylesinno.dll

Filesize
3.2MB

MD5
805291a85f58787a38d2a30d47c626b4

SHA1
f3c41691b38a07215fe77cde23d5f2d5ec6817cc

SHA256
864de39680b1e53cfddb92231d8191074a5a15a5a1ce9c86c84423d538b8d33c

SHA512
298fc149105861badf16a6f0dc3277d6b1e98b553d9c66c469ce4d2c55588461464a0ce1e05e3fedf24be452182abb4ca6a56c0f307507521dffedb425585bb1

Download Submit
\Users\Admin\AppData\Local\Temp\is-P15P5.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-P15P5.tmp\b2p.dll

Filesize
29KB

MD5
b7d0e6d9ddcd25ab22dc37924870051c

SHA1
c923a27c7ebbe0e9d22c93c2bc41f7d35945edeb

SHA256
f7d7324e3b1e2243acca83552f0d94325ba328fa5b34a2d09085dc6e06cb22e3

SHA512
4950d267e80547bf66187554daa5c7671e3ffd70d39ea5d6addcdd66f29cf1cf09ada2ec9a86df8050c597f555965c00a598eb1b7b71dfd18aad865e79c788f4

Download Submit
\Users\Admin\AppData\Local\Temp\is-P15P5.tmp\botva2.dll

Filesize
44KB

MD5
366e7196505692b22e67d6e07110455b

SHA1
761c4f2614d198c583917159accfcf95dc2c02be

SHA256
87c36c83963f4c345a8f31d1242c516cc0705a4ec6282379a19583a882b9c858

SHA512
947f11518614367914ee9f676da158227204425963af4f4af24c8b8e28de07f0814fc9c3bef75dc84d5a98ccc05a39f43920cd8fdb098c1f82a903bf61bdb187

Download Submit
\Users\Admin\AppData\Local\Temp\is-P15P5.tmp\layered.dll

Filesize
162KB

MD5
f869604a49ed7e68bcb5938aae608538

SHA1
e5c940a2a60c2b5471385be59b9fefb837fded1d

SHA256
37f0158695fd3839a82c9ba44bcaf16e38a273a5d43ae752082e3537a8192592

SHA512
f095155e0940bc02d4d32b10ec8b0e496bdae6a6b1f8549dc35b0f30d1ba2921f17fcf203298583f26b8301fe7317542499b1b9274c43877a8a6a7f0034bed7b

Download Submit
memory/2208-0-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/2208-2-0x0000000000401000-0x0000000000424000-memory.dmp

Filesize
140KB

Download
memory/2568-83-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-78-0x0000000003400000-0x0000000003401000-memory.dmp

Filesize
4KB

Download
memory/2568-81-0x0000000003410000-0x0000000003411000-memory.dmp

Filesize
4KB

Download
memory/2568-79-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-77-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-76-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-75-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2568-73-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-72-0x00000000033E0000-0x00000000033E1000-memory.dmp

Filesize
4KB

Download
memory/2568-71-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-68-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-65-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-64-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-63-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2568-61-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-60-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/2568-58-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-56-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-57-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/2568-55-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-54-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/2568-53-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-50-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-49-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-48-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2568-46-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-43-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-42-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/2568-40-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-45-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/2568-84-0x0000000003420000-0x0000000003421000-memory.dmp

Filesize
4KB

Download
memory/2568-82-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-39-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/2568-38-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-37-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-80-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-74-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-36-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/2568-35-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-70-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-69-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2568-67-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-66-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2568-62-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-59-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-34-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-33-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/2568-32-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-52-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-51-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/2568-47-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-31-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-44-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-30-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/2568-29-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-28-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-41-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-25-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-24-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/2568-22-0x0000000005710000-0x0000000005A62000-memory.dmp

Filesize
3.3MB

Download
memory/2568-139-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download
memory/2568-141-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download
memory/2568-151-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download
memory/2568-152-0x0000000074C30000-0x0000000074C41000-memory.dmp

Filesize
68KB

Download
memory/2568-26-0x0000000005A70000-0x0000000005BB0000-memory.dmp

Filesize
1.2MB

Download
memory/2568-27-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/2568-145-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download
memory/2568-142-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download
memory/2568-140-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download
memory/2568-8-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download
memory/2568-155-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download
memory/2568-177-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download