cfda00663657c13e1da04667506778175de1066c66060ea12a2b2940f34969b2

Analysis

max time kernel
143s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe
Size

6.3MB
MD5

1b80790ba8ed8a3e56f22faad624f93f
SHA1

a9bc2704af0baf4e57b66b9af7fed40209ccd42a
SHA256

cfda00663657c13e1da04667506778175de1066c66060ea12a2b2940f34969b2
SHA512

6fd3c536060023f7e5d45086b680671cdfbac0d581d3daecab4a9b4db3fa9a189bdf08739634f01c062dd3d843145529c46c35103ba07c2c751ba203d8784b5d
SSDEEP

98304:YGxXT8TEZnrM29spGcoGw6HBArfEu/ybqBnyRcANcr3leS6dl+fToo1ck1:NXT8TSr1spGco4HBEY8/eS6dl+Uo1D1

Score

7^/10

evasion trojan

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1624	IEMonitor.exe

Loads dropped DLL 3 IoCs

pid	Process
1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe
1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe
1624	IEMonitor.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1932 set thread context of 2768	1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe	28

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeBackupPrivilege	1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe
1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe
1624	IEMonitor.exe
1624	IEMonitor.exe
1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe
1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe
1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe
1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe
1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe
1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2768	1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe	28
PID 1932 wrote to memory of 2768	1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe	28
PID 1932 wrote to memory of 2768	1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe	28
PID 1932 wrote to memory of 2768	1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe	28
PID 1932 wrote to memory of 2768	1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe	28
PID 1932 wrote to memory of 1624	1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe	29
PID 1932 wrote to memory of 1624	1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe	29
PID 1932 wrote to memory of 1624	1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe	29
PID 1932 wrote to memory of 1624	1932	1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1b80790ba8ed8a3e56f22faad624f93f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\System32\svchost.exe -k netsvcs
  2⤵
  PID:2768
- C:\Users\Admin\AppData\Local\Temp\Stubs\F745BE~1\IEMonitor.exe
  "C:\Users\Admin\AppData\Local\Temp\Stubs\F745BE~1\IEMonitor.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Internet Download Manager\%AppData%\DMCache\settings.bak

Filesize
16KB

MD5
0ea6bfe352c113c38a93c7d0ef36152e

SHA1
a867ff6195d1971b585024daceb946abef31b150

SHA256
30907a8998ad8a1c40f919874553b2103185d7b9af78eef62d45d8e030a25949

SHA512
5cffc98f260c5bb29ca8364e57b831dbf720633b5eaa46bf29242ef427152bab490b9bed8a784b7538fe95fb2e11f93bcb4b84e6282e2262570dcf63a93ff72b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Internet Download Manager\%AppData%\IDM\DwnlData\Admin\1719841177f1_0\log_0.log

Filesize
707B

MD5
c4601e9ef73b7dc4359c464827a43488

SHA1
fba6cef999488056d9ce9ce33e1822395866def6

SHA256
d4c53506873f748e0d2eb302a2b6c8a903031d099d8b4d239d6c1b0b42f06b94

SHA512
2282ae754ed305f1f5de882454aa84185e09ec55d31b3c36186233559389509af5b20f1e2e0b590da3d6c0d43648e3fe1d81ad8e485da70454ca0708a9bb5b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Internet Download Manager\%AppData%\IDM\DwnlData\Admin\update518_1\update518_1.log

Filesize
302B

MD5
e42460fd9728fcef5153894c85ceba39

SHA1
09d9ba79cfbeab863494dc5b727620a6e024c7f4

SHA256
4f1d6524514cc728cbad2026cdb0dec75cecd24fc840b4047d87294a55cf30d8

SHA512
bbedf714eefb8b75adc18f40152fcf420477ef081da783f4f64b04b9f71593fcdb200ba47ee6f70d44155e15fd0cd3abd83900a8c333828e32cc19d8e695d86e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Internet Download Manager\Registry.rw.tvr

Filesize
68KB

MD5
00aa55445eab75e5febacd56eb249fdc

SHA1
1738e24db310fb998679a0793d0c7eb4440c9027

SHA256
430267b5a3f58d6016c5acb623db8c50bdff3a0e78ed7a9b57db55db3e913489

SHA512
bd889423cfa739e743353b56efea078225d97d18cd58ff129c51aa95abdb8dff51c41445626ea5846051c1132d2cf38764a04c7dc89e9505987ef77739c126d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Internet Download Manager\Registry.rw.tvr

Filesize
36KB

MD5
bd27e21fddc0a8a0dbf5dff2bfd8137a

SHA1
2b79f1503d6b0ce33761c3d06360a22012154668

SHA256
e32bfaf71ac218c42ed9b015bf72d863c8856c4324e1479e251b8ab7688674db

SHA512
74028303131147591f51d9479b305022f32e408d2ba431643f46275d0532c2ca5dfe0b251d18d7b916302cbba243ba1ccf7877d0d7f0690cb20848d6c6148aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Internet Download Manager\Registry.rw.tvr.lck

Filesize
60B

MD5
efe69bc964ffcd452ab53ecfa19bd320

SHA1
78e162c67e192b103bf6f6f95b7bb76c71510302

SHA256
fc7a0ca0fbe992dac20a9d7b49d027e5bbe091fc47af9584add8808bbf268e40

SHA512
3f71939aba359a5df4f264a19e9e62762df62666b44a4c9e82639f80a49c74ba25861bcdae7e1f5bcca78e45bfb66e94751c7e21e3fe42fea655da697d42a247

Download Submit
\Users\Admin\AppData\Local\Temp\Internet Download Manager\TEMP\idmmkb.dll.TA

Filesize
8KB

MD5
6742760ad9e83791ae6c1aa069a3e580

SHA1
c86a09b1b74a0507d25a0c625a1de2ffe826b5a7

SHA256
dd98a05fb46cdd86ad4bbcb9e67fa617bd6ed262d858bb733e541f6ed31514cb

SHA512
7fd805191579cfc34627802a5d9bf5c3278cad6fd93d5a93e45ae8309e07c98ee325f3b4263443509244363df78349f10ef10963fae641145887ca69586eaa98

Download Submit
\Users\Admin\AppData\Local\Temp\Stubs\F745BE~1\IEMonitor.exe

Filesize
28KB

MD5
ee9831a0cbf586742438ac5c967a9298

SHA1
f745bef97f99b8d4668bf4987b14b0ee3d1175e9

SHA256
77aaa4c541bcd03ea3848b0882ecf704cf00339794b9a4f908416bb0d0f00072

SHA512
ab099b89fd1710fa78036b4f3f6aa53c8d1a39ffe3943be81f229d789adf4da4a41e27598d1217169e67670accb21a80f24f1d119bb7b814e74baa3ce78a557a

Download Submit
memory/1624-200-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1932-26-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-40-0x0000000077810000-0x0000000077857000-memory.dmp

Filesize
284KB

Download
memory/1932-32-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-31-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-21-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-20-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-19-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-18-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-13-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-12-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-11-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-25-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-22-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-30-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-38-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-39-0x0000000077810000-0x0000000077811000-memory.dmp

Filesize
4KB

Download
memory/1932-42-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/1932-46-0x0000000077810000-0x0000000077857000-memory.dmp

Filesize
284KB

Download
memory/1932-41-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/1932-2-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-56-0x0000000077810000-0x0000000077857000-memory.dmp

Filesize
284KB

Download
memory/1932-4-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-57-0x0000000077810000-0x0000000077857000-memory.dmp

Filesize
284KB

Download
memory/1932-6-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/1932-5-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-1-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-194-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-8-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-9-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-195-0x0000000004820000-0x0000000004863000-memory.dmp

Filesize
268KB

Download
memory/1932-196-0x0000000004820000-0x0000000004863000-memory.dmp

Filesize
268KB

Download
memory/1932-197-0x0000000077810000-0x0000000077811000-memory.dmp

Filesize
4KB

Download
memory/1932-10-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-198-0x0000000077810000-0x0000000077857000-memory.dmp

Filesize
284KB

Download
memory/1932-7-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-3-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/1932-0-0x0000000001FA0000-0x00000000020F2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-73-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-76-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-75-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-74-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-95-0x0000000077810000-0x0000000077857000-memory.dmp

Filesize
284KB

Download
memory/2768-69-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-68-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-84-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-67-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-82-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-66-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-77-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-83-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-85-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-86-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-89-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-90-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-100-0x0000000077810000-0x0000000077857000-memory.dmp

Filesize
284KB

Download
memory/2768-119-0x0000000000D20000-0x0000000000D28000-memory.dmp

Filesize
32KB

Download
memory/2768-112-0x0000000077810000-0x0000000077857000-memory.dmp

Filesize
284KB

Download
memory/2768-70-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-65-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-72-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-71-0x0000000000860000-0x00000000009B2000-memory.dmp

Filesize
1.3MB

Download
memory/2768-64-0x0000000000D20000-0x0000000000D28000-memory.dmp

Filesize
32KB

Download