2336fa229bc1af0ae3abc08679456b77486c6ada81e4afd4e45ade3ec386ba8f

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b205c28732d3532708b24b071d351a44_JaffaCakes118.exe
Size

460KB
MD5

b205c28732d3532708b24b071d351a44
SHA1

b8795b7ab31178f9a8e025869dc002e76fe8d5a2
SHA256

2336fa229bc1af0ae3abc08679456b77486c6ada81e4afd4e45ade3ec386ba8f
SHA512

8c27e3c5777205dfd0177e3ddda36cf62ec4fb9593d935c0ea071417562e41fd80d59fbb915540a5b738b05d74a1fb46fda320923daf75a4ebdd52014882c2c2
SSDEEP

6144:Re1x8OvFt/056aMOQWmqjKYZaHZacAoIDpTuxX+kyaclsmO1oBdjkU+TEH0afBSJ:Qv/i6jOQlqLZa5VAAslsmOGZ91e

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1928	mcsmvzpebpmhc.exe

Loads dropped DLL 2 IoCs

pid	Process
2420	b205c28732d3532708b24b071d351a44_JaffaCakes118.exe
2420	b205c28732d3532708b24b071d351a44_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	mcsmvzpebpmhc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1928	mcsmvzpebpmhc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1928	mcsmvzpebpmhc.exe
1928	mcsmvzpebpmhc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 1928	2420	b205c28732d3532708b24b071d351a44_JaffaCakes118.exe	28
PID 2420 wrote to memory of 1928	2420	b205c28732d3532708b24b071d351a44_JaffaCakes118.exe	28
PID 2420 wrote to memory of 1928	2420	b205c28732d3532708b24b071d351a44_JaffaCakes118.exe	28
PID 2420 wrote to memory of 1928	2420	b205c28732d3532708b24b071d351a44_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\b205c28732d3532708b24b071d351a44_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b205c28732d3532708b24b071d351a44_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe
  "C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\parent.txt

Filesize
460KB

MD5
b205c28732d3532708b24b071d351a44

SHA1
b8795b7ab31178f9a8e025869dc002e76fe8d5a2

SHA256
2336fa229bc1af0ae3abc08679456b77486c6ada81e4afd4e45ade3ec386ba8f

SHA512
8c27e3c5777205dfd0177e3ddda36cf62ec4fb9593d935c0ea071417562e41fd80d59fbb915540a5b738b05d74a1fb46fda320923daf75a4ebdd52014882c2c2

Download Submit
\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe

Filesize
7KB

MD5
47c835c22089e8995742f10696dad5e8

SHA1
f9921459382827b140098c000500f6f8b85c826d

SHA256
f551a071a9f277545deec029df075e90c622dbe33dd55c2f2c274173677058ea

SHA512
2bb6be1ef168f2e71697195b540c26e632a65d4c3d84676746fcc8dcaca3ac3714d949ecc71c5e73bd1444c5e23267d3a5be18b5183f7e93ea00d90affd4e07b

Download Submit
memory/1928-14-0x000007FEF5330000-0x000007FEF5CCD000-memory.dmp

Filesize
9.6MB

Download
memory/1928-11-0x000007FEF5330000-0x000007FEF5CCD000-memory.dmp

Filesize
9.6MB

Download
memory/1928-12-0x000007FEF5330000-0x000007FEF5CCD000-memory.dmp

Filesize
9.6MB

Download
memory/1928-13-0x000007FEF5330000-0x000007FEF5CCD000-memory.dmp

Filesize
9.6MB

Download
memory/1928-10-0x0000000000930000-0x0000000000974000-memory.dmp

Filesize
272KB

Download
memory/1928-15-0x000007FEF5330000-0x000007FEF5CCD000-memory.dmp

Filesize
9.6MB

Download
memory/1928-16-0x000007FEF55EE000-0x000007FEF55EF000-memory.dmp

Filesize
4KB

Download
memory/1928-17-0x000007FEF5330000-0x000007FEF5CCD000-memory.dmp

Filesize
9.6MB

Download
memory/1928-8-0x000007FEF55EE000-0x000007FEF55EF000-memory.dmp

Filesize
4KB

Download
memory/1928-20-0x000007FEF5330000-0x000007FEF5CCD000-memory.dmp

Filesize
9.6MB

Download
memory/1928-25-0x0000000021400000-0x0000000021BA6000-memory.dmp

Filesize
7.6MB

Download