Analysis

  • max time kernel: 118s
  • max time network: 129s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 03/07/2024, 10:55

General

  • Target: 221d23b38504a37f37b9340ccb7c44a0_JaffaCakes118.exe
  • Size: 161KB
  • MD5: 221d23b38504a37f37b9340ccb7c44a0
  • SHA1: 78060990aa8aac534baed67bb417ca6c9353d755
  • SHA256: 4e7b4d9d4d673f79fe0cca4acb4ad5afca932db69275adae272e6c00e234d954
  • SHA512: fe607fdea299c0fa5a71042a10c9dc2c594bd0ea45738f5540da6c75166856fbe0382332378e91765f8de9dbf9e701265e965c32f87542ca6ac1e1c8679a62fe
  • SSDEEP: 3072:4+hJZ+tlnaRwNdim6Ukh0bBGU6nHkFH4gHNzNdbvKnnBhyX3hSj:4+pUdG26IHNzbCnBEX30

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (3 IoCs)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious use of SetThreadContext (2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 28 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (42 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\221d23b38504a37f37b9340ccb7c44a0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\221d23b38504a37f37b9340ccb7c44a0_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
      PID:1128
      • C:\Users\Admin\AppData\Local\Temp\221d23b38504a37f37b9340ccb7c44a0_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\221d23b38504a37f37b9340ccb7c44a0_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2904
        • C:\Users\Admin\AppData\Roaming\Dkhjhm.exe
          "C:\Users\Admin\AppData\Roaming\Dkhjhm.exe"
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:2568
          • C:\Users\Admin\AppData\Roaming\Dkhjhm.exe
            "C:\Users\Admin\AppData\Roaming\Dkhjhm.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2544
            • C:\Program Files (x86)\Internet Explorer\iexplore.exe
              "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
              5⤵
              • Suspicious use of WriteProcessMemory
              PID:2712
              • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
                6⤵
                • Modifies Internet Explorer settings
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:2488
                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
                  7⤵
                  • Modifies Internet Explorer settings
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of SetWindowsHookEx
                  PID:2612

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 1678b9312d4dd0791e189ec450fd7ef8
    SHA1: fad5aa139f9629f149c9e9989e11102e00d3899e
    SHA256: 5b14ea26939c5fbcded7cd78cbe2767351560ebed8120345d53f9efafdc470e9
    SHA512: db3bd95539057d016aaec6db0a5874340cc13c3395c0184a00312f4c41b1630e7d773418eb0ef3c8c82318e035201e49d9900ca0421bf303789872d645d16179

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 474f0762b80cdcd20e0860e8db964009
    SHA1: 706feedc85facbf7ead1c35dc7d81632c49f0b4a
    SHA256: 61064150f7015d66e62a7f832c18854eccc2588740d2951c4662e5f0c2276135
    SHA512: ea5eb31683ce9d8f20fc1f7666da09779c471efaa9eb5cf6019218e27e58132652538accfe3172b077b2765a63f2c19b1b8ffaa9ddc818dc7016e55a3a2f8b82

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 78b3178a807c49adb1240da5a186f7e4
    SHA1: 891ee249f6d1f407422f7cfa9f5a042ea3b96245
    SHA256: 342ebcb625a9b41b7bdd01c1453515004cb90d91d17184c8aa5a137b3c9ce691
    SHA512: 4b321ce664bfd70e27c2f44440a25c4bc46ad43acfb775ecce1ba7c3bf710c7054493382695cfcd28717c7e01223b850692279e127308f2cf3d577d61ac1c74d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 623f6d6af9568ab1b226879dfa3a762d
    SHA1: 88cdf0c857c66a9b81834c5f7d5ae0f4786fca7b
    SHA256: 7601672aa65ed95f00a2fdaff6c24163a208e9f03077c447d3ff5b4c50cd448d
    SHA512: efaeec9af0b6379d0ca461e28bdc0c201bc8b25b94cb1dea40d753c339a8328592de2a8f129edc0a3a93c5e07c469bd6d84042e6e5f8153fe064c177c0f3124b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 83844cb5a5ca7ef0ce58f30889e4af5f
    SHA1: d81a8a26dad4eb255c61c7c6ad3528c511da93c5
    SHA256: 40a7ddddf0002cb8ea4ac892de42da1b495f8a174f47fac342eb081df3487327
    SHA512: 51a83b0b205a2e9b0d40416a045d2d990f1ce5c91ab11bcbdc9cf237915d0ba0345ce9af4dcd554edc2441b5a40802ce8f3e5cf4574a46dcc62df5eca36d3b34

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: f634c8f98c952a077f6e087d8745fbb7
    SHA1: 7569441492da180d0a8c1b3b681753a5d048c6e5
    SHA256: e1ee4b9b880ee500c0ef26f20c4f231d4d4d2c3f2a32b2f37984256aad5f2730
    SHA512: 8d948f56f15618ae02cbb7e8bc1b7a84207b4a9850ea6e66e424411afbac504c242376a8bea742702950ffa7caa86eb8951fe098daef7ba76259720e347634fa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 6c4b86358eab3f71f72861efc4c8e0da
    SHA1: 950d048298b65f01a1ca9db884182978859a1a26
    SHA256: b3dd122b7e7ed0dc0600790064b5ab9b329773ec2322c36a0f3c2d37e0e2a853
    SHA512: 0235ecfc4faee9f711350a9a0f220b9e5f41ec2390934f15715102c8266b881c5733cdda7e97d93245f96b9d2c3459e0123df63911a33a4b14266f81c426e5a4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 8a3ad9bfcf39b099f50261eeb37fffcb
    SHA1: 0a35ea8f1f4c06a68d7171d012b2edd2959042b6
    SHA256: 9047ede4c62907957c876efb50621bf208892a81524974612af2920bcf0e8b6a
    SHA512: 7803eda752e2c3036a9af20d6dfa1e987f632906f336dc9cf7957204766a5191536ed9c6a5b6d90cd14ce62128b0f1e52196fcd37b8e992c56c2c33f931b8c1b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 9436d38804329f4779a67a324cb3d42e
    SHA1: c92d5f1d3dffcc44dc0de8fa11f29fcb9bf4ea24
    SHA256: 5fbebeac3dd8607bc929d0e8b6111ced8880929b6b2c4468780fa86362a586ee
    SHA512: 520bf0d9173186dd3ce5968a0c5410fc8139ae975116f429835a9a07669fff71f734851ca8969cace09391380fe07e4ece5f97c8783f00ce33cace843898351d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 8103fa6ee5a0fe7a9a6367f008fe880c
    SHA1: 16769a3c1c6054172c2715e3c9afb1a247588f2f
    SHA256: 61b75330c5754a5579ee1d59d1c053fee0893722a5f80b121766e26795c70ad1
    SHA512: 1a72334d28a2bdf75001ee35f9c80d8e873f088354d04b4ce95337716c81919c8755e980278e96ef9256dd0d4b57be4ea7caf2ff473d23d9f77f4e864109862e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: ec7e7ec3c9131496d5882b1699920a4e
    SHA1: 16b7c102002e2a89637634e7321b82a1ce2f5ac8
    SHA256: 534ad15932e84e7ba90f7440eb15fba4814ee4e3e6db9cc4cadc40e9c42976b4
    SHA512: 4d34985dcbd5b521bcbf55be1df916aceaa7c99aa4d9be0726dade5f6352311fc48e6c0e116bc4d15d22b435ffcc315835c4807ab36cfa1d1d1e712b2ebebffa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 803c494e8dfa78742e8b64f7983e3813
    SHA1: 2c7e47dd2552e6fc916c9316970b923aa434a874
    SHA256: 79b9eaa7ef4e60f269b9a616774a493af545ba28c2a742c1c7537b16d6ed30cb
    SHA512: 65a0e2eec66bc8988c5421300d12ee1283852343876a9b4ba5bd84c734f692b2b03f893d5dcfccbb5bf0d4d250f5eafa773634360bb7e3d7e91ca3942c35871e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 52982b6b58e8fa830a248dcd52890288
    SHA1: 5d7481f444a851d63192f502da5952e081eff735
    SHA256: 7f61694de26c5426f62833624e93bc0f7c9b8c8c4283042eeb49e3d495e870e8
    SHA512: 558096e9b31be63ae23d07ac591a262a1e35129f44feaeb01efe32783171b4162047e74ae1c97c1d08f13356971dad66cdcdd4fd252106011b56903403920178

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 53821a6699cc6e01963c153063b036e6
    SHA1: fb8a4fdc24ccfa433305c4148434028e35ba4f47
    SHA256: 4a4ec218647859db05832fc1e56f151f318afb48f1a0a4527a3459d01f376b3c
    SHA512: dba14d1fb42b01f3e7515afd98850e53c8694be4e5ace89d05261c0847c4d095a60642e4fabf96024bab07220edac53b87295aa364feffea1d4aeb5245ee3d8e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: c03270c56f9887203a6c1ac81dc547aa
    SHA1: 816dc9591d6a6509502d4a44b871f8843ead86f4
    SHA256: 9874dac668aa0c9a83c1cd89694e6ff549d4d58a3e6af437b05d3bc9c28d074c
    SHA512: 0c0ccf26f0be55dac274eb633d78ee052bdb156d695b812ec3aaf52fb20c9bd8e2969d7f3278d2ecb1d03cb0559baa9047c91da7f2f9c88b290650f1684028a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: cfbb212d45d08a09e28adfa09b58b7a9
    SHA1: 3f46255fd6917bb0809bc530a00fc203f60ef8ed
    SHA256: cf6faede5c3c3950a83dbfbbc8ed6bbf2274669b1be5933aa513b32441160580
    SHA512: ed3875318b605d367ec1bfca0d5f671c403fd83b58e095f19117d7bb8788018acb40800e29124305a3f89f2593e28b0a51b3da469ba18453bd420fa5788a0cfd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: cd0ae082128f71e3b4b4219cc580453e
    SHA1: 3a3424271b58d42d691727f6d7dc055ddd7eecf6
    SHA256: 6db3add9620df5d99187965cace4d1f1ec9c18a6cccd3d66a2ac74aeecd0a886
    SHA512: b49142ff1b6517407e586a7409b0cf643b5b15a30841e7350668ea06d5dcc5a10c857f528b269226ec218085db2570f3428e1045f51c72c5d3cdaf5647bfaea2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 69ef3a636878e3d803ee6cf854b8b180
    SHA1: e536ae026bb9b471bf231e6e70920a8db55f5055
    SHA256: ad509abae98508c3695a967ccd8fc611cdc786951dc26abf55165e6baff730ba
    SHA512: e88bb613042c48c8f7f9f2ba7b11cec799b8f565b46922ba23119cd17d94761dd9f3a034064569275dfe5edd3460455fbee0edbc74b252ee538cd756c7b657fa

  • C:\Users\Admin\AppData\Local\Temp\Cab2CCC.tmp
    Filesize: 65KB
    MD5: ac05d27423a85adc1622c714f2cb6184
    SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar2DAF.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Roaming\Dkhjhm.exe
    Filesize: 161KB
    MD5: 221d23b38504a37f37b9340ccb7c44a0
    SHA1: 78060990aa8aac534baed67bb417ca6c9353d755
    SHA256: 4e7b4d9d4d673f79fe0cca4acb4ad5afca932db69275adae272e6c00e234d954
    SHA512: fe607fdea299c0fa5a71042a10c9dc2c594bd0ea45738f5540da6c75166856fbe0382332378e91765f8de9dbf9e701265e965c32f87542ca6ac1e1c8679a62fe

  • memory/2544-46-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB

  • memory/2544-45-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB

  • memory/2904-15-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB

  • memory/2904-0-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB

  • memory/2904-4-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB

  • memory/2904-8-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB

  • memory/2904-14-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB

  • memory/2904-12-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB

  • memory/2904-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize: 4KB

  • memory/2904-6-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB

  • memory/2904-2-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB

  • memory/2904-27-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize: 164KB