e42545df72690d708af9de5fbaab142e70ac00dd08cae2e1a9cb72055852f848

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
Size

414KB
MD5

06c3a124a95e5f18f11bcb52ee84b687
SHA1

f27445cfee97a091b07a3867295fc799c5b3f461
SHA256

e42545df72690d708af9de5fbaab142e70ac00dd08cae2e1a9cb72055852f848
SHA512

3716b554740e7e143c346c24c2ce6d09b797aa1bb53672b661bdb832942667711e1c0a81253bb8b820794593d3915d61826753750aafb27d8cbce5057931bf01
SSDEEP

6144:m/GzBKRBM7s3mRr+ol8B55sc+IDpKo/AAODMQ7Mp4ZlJAKEI/q5Dj83WIQ:LbwWRS5sc+ID9NODMQ7XJAK4gWIQ

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ANS2000.INI	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
File opened for modification	C:\Windows\system.ini	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
File opened for modification	C:\Windows\win.ini	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
File created	C:\Windows\a3kebook.ini	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
File opened for modification	C:\Windows\akebook.ini	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
File created	C:\Windows\akebook.ini	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3000	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
3000	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
3000	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
3000	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e\83408-040712-212552-78.a2k\index.html

Filesize
7KB

MD5
4d9634e4ae31ccdb83d2a86e363c0853

SHA1
bda692f4b79a615962c95617aa9ad04d026d3efb

SHA256
60cf6e51e0a6d430ea86c5840b7e0aff881c41f8a7b2f8f321f35e8e07395aea

SHA512
2d15e7e4aeb2641c3e464672d14f613575cf67183e05eb786ff09423311cfcb6669be4664442f7a74adf730df97103bf35a965a6a42969d3179ddcdb1cc1c571

Download Submit
C:\Users\Admin\AppData\Local\Temp\e\83408-040712-212552-78.a2k\style.css

Filesize
2KB

MD5
d07c418be56a76cab52160596f51c5e9

SHA1
1845b428e288e833d406fd24c4e9be44ed130e00

SHA256
8863ecc303c7419247687e767a071f5cfc2ac4223f5c5fa2be344ec2a329ac01

SHA512
3a6ec4c079faf467ffe992ab64e60abe062f76c4ba797df16e760dc1d604fbe4cbd4f2e8b8096c9e439bce81ff1c5c9dcef3ef4fbafcefe22cbac8d5ceddcd8a

Download Submit
C:\Windows\system.ini

Filesize
277B

MD5
b3c56f7a010f2e508c54658cc4099ec5

SHA1
bc32ea57d76cea0e28eecda663bcf8c851959b8f

SHA256
c8e9c0a068db5b728340c58027316f9c359277e703a34840e88a13a5370f223c

SHA512
eedb5d95af9959923d9298456b535771e97a720f11be7a37b148edddb831c3b3e02c11ed4aad8be0dfcb2e44ba6787b061ecaf9072fb69c330d4a0c1ea096cf5

Download Submit
C:\Windows\win.ini

Filesize
568B

MD5
0991d973671411d3c1127f259297805f

SHA1
2d7d80bc3883c8d78d8ffc7cc8a45719c7d6ecfc

SHA256
b6149b2368a7dcbfa15ee8109123f965c8ef3c38c0c415005697a17a44b5291a

SHA512
77fe681b4fc7e2f3e39d2a63c6037f612c56c63405351ad0ba24d4128cfba3dc1fd00526fb28da3c95b215546436243f8624736a6e507c7ca06a5c1b8964d264

Download Submit