Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-06-2024 14:14

General

  • Target

    bc5ec34a555a51850cfe6f4b558a763e_JaffaCakes118.exe

  • Size

    892KB

  • MD5

    bc5ec34a555a51850cfe6f4b558a763e

  • SHA1

    ffe733f2ba13a03a11ae799eea714c1dd4380533

  • SHA256

    3ee9446317071ade4a37d2c4cdf0db3cbec1ad65b3a259c6113fe93269f32cb9

  • SHA512

    e8da90d3046dc15042db9ad2ecdb95333cda6beaa3566182e941b4a923b11b2204b967fdfcf9a0faf66c01abd2738f0b52aa9e8c3bdb0ac41abe3a3db9c24d9c

  • SSDEEP

    24576:lQRC/bzPRPBkVTEmPw6G31MVN98yga3PQGnRZR6MIRgE3n:lQRQbzmQm46nv+gwn

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies registry class 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc5ec34a555a51850cfe6f4b558a763e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bc5ec34a555a51850cfe6f4b558a763e_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2036

Network

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence
    Event Triggered Execution (T1546): 1
    Component Object Model Hijacking (T1546.015): 1

  • Privilege Escalation
    Event Triggered Execution (T1546): 1
    Component Object Model Hijacking (T1546.015): 1

  • Defense Evasion
    Modify Registry (T1112): 1

  • Discovery
    Query Registry (T1012): 1
    System Information Discovery (T1082): 1


Downloads

  • memory/2036-2-0x00000000020D0000-0x0000000002256000-memory.dmp
    Filesize

    1.5MB

  • memory/2036-11-0x00000000020D0000-0x0000000002256000-memory.dmp
    Filesize

    1.5MB

  • memory/2036-10-0x00000000020D0000-0x0000000002256000-memory.dmp
    Filesize

    1.5MB

  • memory/2036-9-0x00000000020D0000-0x0000000002256000-memory.dmp
    Filesize

    1.5MB

  • memory/2036-12-0x0000000000410000-0x0000000000411000-memory.dmp
    Filesize

    4KB

  • memory/2036-14-0x0000000000410000-0x0000000000411000-memory.dmp
    Filesize

    4KB