Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-06-2024 10:41

General

  • Target

    11b8dec4860e18494fd077f5e1e1ea96_JaffaCakes118.exe

  • Size

    968KB

  • MD5

    11b8dec4860e18494fd077f5e1e1ea96

  • SHA1

    ff9969b96603261b6299f49db86fbd5e0e94b072

  • SHA256

    189e0ced0a024d3af5ffef40132db7d09b1488d912b69cfaae10f6f7f93b1d57

  • SHA512

    31cee2dee7dc14885e8c6bd0560f9c6636d850cb5bfed0e2fec1e73a7f264dd2a45c14deecf0bb88b11eb384f5382e52ae36bc9242f03ab16770f68a9befce7b

  • SSDEEP

    24576:OOeFa7ebKiOQsKFLEstyU012EAyO1mjn7PidHhcBB:OFYTQsNstydAyO12O3c

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\11b8dec4860e18494fd077f5e1e1ea96_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\11b8dec4860e18494fd077f5e1e1ea96_JaffaCakes118.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\IELOCK.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Windows\SysWOW64\at.exe
        at /delete /y
        3⤵
        PID:2668
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c time /t
        3⤵
        PID:2956
      • C:\Windows\SysWOW64\at.exe
        at 10:41 /interactive /every:m,t,w,th,f,s,su "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.shenlan520.cn
        3⤵
        PID:2612
      • C:\Windows\SysWOW64\at.exe
        at 11:41 /interactive /every:m,t,w,th,f,s,su "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.92qyw.com
        3⤵
        PID:2096

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\IELOCK.bat

    Filesize
    1KB

    MD5
    eab895f7de20b92da0412f006069f3bd

    SHA1
    75ff405267f375d77bd469953149e9023ba30e95

    SHA256
    58a44568dec6833d28f88ce9c9dd00a4d10d7f4ed0eb00f0812fabdfe7bb266a

    SHA512
    857523dc9bf6fabbfcb302572eb1013b223c24e38c0ad1e9cf1915c7744334fa30ea7af8c58d04039d824ee7e277a9d209b7e55a3b787221ae2523ec30474d03

  • memory/1704-0-0x0000000000400000-0x0000000000650000-memory.dmp

    Filesize
    2.3MB