e42545df72690d708af9de5fbaab142e70ac00dd08cae2e1a9cb72055852f848

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
Size

414KB
MD5

06c3a124a95e5f18f11bcb52ee84b687
SHA1

f27445cfee97a091b07a3867295fc799c5b3f461
SHA256

e42545df72690d708af9de5fbaab142e70ac00dd08cae2e1a9cb72055852f848
SHA512

3716b554740e7e143c346c24c2ce6d09b797aa1bb53672b661bdb832942667711e1c0a81253bb8b820794593d3915d61826753750aafb27d8cbce5057931bf01
SSDEEP

6144:m/GzBKRBM7s3mRr+ol8B55sc+IDpKo/AAODMQ7Mp4ZlJAKEI/q5Dj83WIQ:LbwWRS5sc+ID9NODMQ7XJAK4gWIQ

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system.ini	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
File opened for modification	C:\Windows\win.ini	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
File created	C:\Windows\a3kebook.ini	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
File opened for modification	C:\Windows\akebook.ini	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
File created	C:\Windows\akebook.ini	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
File opened for modification	C:\Windows\ANS2000.INI	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\IESettingSync	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4280	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
4280	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
4280	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
4280	06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\06c3a124a95e5f18f11bcb52ee84b687_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e\83408-040712-212552-78.a2k\index.html

Filesize
7KB

MD5
4d9634e4ae31ccdb83d2a86e363c0853

SHA1
bda692f4b79a615962c95617aa9ad04d026d3efb

SHA256
60cf6e51e0a6d430ea86c5840b7e0aff881c41f8a7b2f8f321f35e8e07395aea

SHA512
2d15e7e4aeb2641c3e464672d14f613575cf67183e05eb786ff09423311cfcb6669be4664442f7a74adf730df97103bf35a965a6a42969d3179ddcdb1cc1c571

Download Submit
C:\Users\Admin\AppData\Local\Temp\e\83408-040712-212552-78.a2k\style.css

Filesize
2KB

MD5
d07c418be56a76cab52160596f51c5e9

SHA1
1845b428e288e833d406fd24c4e9be44ed130e00

SHA256
8863ecc303c7419247687e767a071f5cfc2ac4223f5c5fa2be344ec2a329ac01

SHA512
3a6ec4c079faf467ffe992ab64e60abe062f76c4ba797df16e760dc1d604fbe4cbd4f2e8b8096c9e439bce81ff1c5c9dcef3ef4fbafcefe22cbac8d5ceddcd8a

Download Submit
C:\Windows\system.ini

Filesize
276B

MD5
1e3f26d4f1115a33b5282fc2025bd42f

SHA1
411199b37c19d345126444ca40a27081ee9bd7ad

SHA256
fb81336e8d0e7a29998b7471f9e46bed6a6c11f7081b00f0cef82de24c21f6e1

SHA512
8f4d07481b2c5c94a4df97b707ff6b9816066c4b30cc359472656d50787c43b1d0fba48985dd00b37738173cbce21a8ea74af1e68eccaafe8a012c6961dc0f76

Download Submit
C:\Windows\win.ini

Filesize
179B

MD5
6cdcbf80b1447d841d473c8682cdd861

SHA1
4e71366466a04844697e58af652afe51e3d28fc1

SHA256
ca4542ccf1a005de2cbbc9bdc7619ef527b0f813c517f73e4f61f978e86be08d

SHA512
c2fe69e99e95201af0124316e992477dd2b70029dd79f5f9a0ad55af0f13840f6660073de35b2de3e5b8b392521ea305fa89e94840c36b8c3c42e1e25c366a4b

Download Submit