Overview

overview

6

Static

static

3

0adf47be3f...18.exe

windows7-x64

6

0adf47be3f...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    87s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-06-2024 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0adf47be3f783759daf407352a4e52bd_JaffaCakes118.exe

  • Size

    16KB

  • MD5

    0adf47be3f783759daf407352a4e52bd

  • SHA1

    1d3df092397d0110ce03b2d235ed86d5649e45f1

  • SHA256

    dd92cd28935df3c471cfeeb227afa5828f3f6097c425c9be1831239b7a031da1

  • SHA512

    6c3faf53f7ddb4ac9e3de1ae1ca8bc99d9bb4e1ca964615a72986169f2bbd4afd18fd84fd28ee43ba064609a506979cc932a808a351fddac05aa0dabebc3a439

  • SSDEEP

    96:ktTkNHSlAsnCqVtNPwvf1svfQpWBXwWQ8IygzqcqG3AFmh0qnSFigMOkPZq63+Ex:0kNHSlAWVYESWQ8IyuqbG1h0bWOS4k8c

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 19 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0adf47be3f783759daf407352a4e52bd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0adf47be3f783759daf407352a4e52bd_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:4628
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:4836
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3928

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads