f657a919dffa5362c0ad5b705d0115089a0349d9482b093959366a7ed48bec0c

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08393aa665b189bfaded7eda03cc80ae_JaffaCakes118.exe
Size

208KB
MD5

08393aa665b189bfaded7eda03cc80ae
SHA1

ab56f455abd9d4a9125e4aeeaea18e31d0e07db4
SHA256

f657a919dffa5362c0ad5b705d0115089a0349d9482b093959366a7ed48bec0c
SHA512

7e23f76b02d9e277695542c5046a532c8eca390840970456e799de8248cf22393228848b4e488039ff061e066216692f3b417825a56bf834e832f9b25b83e6c1
SSDEEP

3072:faEYsyz5i5YzYdS6+DYbpaZP0laL67d7zWc1j5yUHr9xv0:SEsJ6bbpaZP+ae7d7zWGIULb8

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Windows\CurrentVersion\Run\222e2038213e2d652e332e = "C:\\Users\\Admin\\AppData\\Roaming\\sjuf.exe"	08393aa665b189bfaded7eda03cc80ae_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	08393aa665b189bfaded7eda03cc80ae_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1676	08393aa665b189bfaded7eda03cc80ae_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1676	08393aa665b189bfaded7eda03cc80ae_JaffaCakes118.exe
1676	08393aa665b189bfaded7eda03cc80ae_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\08393aa665b189bfaded7eda03cc80ae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\08393aa665b189bfaded7eda03cc80ae_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
PID:1676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1676-0-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/1676-1-0x0000000000A90000-0x0000000000AC9000-memory.dmp

Filesize
228KB

Download
memory/1676-14-0x0000000000A90000-0x0000000000AC9000-memory.dmp

Filesize
228KB

Download
memory/1676-15-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/1676-22-0x0000000000A90000-0x0000000000AC9000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads