2ece07f7fc8e311e430be79b43a4f913e5ea4944b442081bcc9613398b5e551d

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 07:15 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
Size

137KB
MD5

151dc349a80dbf384aa4c1fccb7f4e8b
SHA1

8c8265f58e80f3ee2daca914ee820df38abc2492
SHA256

2ece07f7fc8e311e430be79b43a4f913e5ea4944b442081bcc9613398b5e551d
SHA512

4cb64e0d0b3878fc0d351b9a28ad8c21391895eee943dd87add1a9731f532bc17899ea69d611cd3d6f8db35f3b112e38f7c8119f5afb54d61b3c618a74108275
SSDEEP

1536:u/nrqyjrPvRu/BCjnqy8B/lCew3h0Yb9hzuMYaHqW5g1HklJNprKR9lpJtHL53Wn:Ye8jMCjM/keGyMYaKW6WXrORRJtrlq

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2184-30-0x0000000000400000-0x0000000000458000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Run\d1c6fb22f85ee59bf528904e3992dfc8 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\151DC3~1.EXE /r"	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 11 IoCs

pid	Process
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 11 IoCs

pid	Process
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
2184	151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2184

Network

DNS

d.trymedia.com

151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

d.trymedia.com

IN A

Response

No results found

8.8.8.8:53

d.trymedia.com

dns

151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe

60 B
119 B
1
1

DNS Request

d.trymedia.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\connecting_icon[1]

Filesize
301B

MD5
81f2114b7bcc913245df781df3eb9ae5

SHA1
46beb25a2a30e66c65ebddb72f836542e3655d21

SHA256
13237f6652c8a50f987ee5227ce16778117add802584a5e19ef892eac6e1d3e8

SHA512
446e34fc67e66d60a7e4a4ee65b47ca04198a8566c4d5cc665249fed8d8616cd6d674cb82621dfea4303cd7a1f90488027b352972219873bf90094d62e763b6c

Download Submit
memory/2184-2-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2184-30-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/2184-32-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.