ba0e5df37ccf1c4c19ab5d87c158f8c1cd4085592ca3c7fb5a6f50dce0bca3ec

Analysis

max time kernel
137s
max time network
137s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 15:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe
Size

100KB
MD5

22f0f2b120065dcac887b58242250c56
SHA1

b7e036b3cc8fb7fdc07c0153a14e96828ec736f5
SHA256

ba0e5df37ccf1c4c19ab5d87c158f8c1cd4085592ca3c7fb5a6f50dce0bca3ec
SHA512

a822b6cf5deb1d453a7ee6f4703ac2ba5576b62c1a3f636c480e41121ef45e2e3d1305c88d3321f3cd7ff27205b57a387ae4919465bd5a9fb065279755550027
SSDEEP

1536:VjpXWzF0RvO7lVzcj5nFCrzCnlFmLD02z1DO5Sp26wXz/K:VEF0RwcFYrzClFmHLBDOcp2/Xzy

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Run\winlogon = "C:\\Windows\\winlogon.exe"	22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Run\lsass = "C:\\Windows\\lsass.exe"	22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\winlogon.exe	22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe
File opened for modification	C:\Windows\winlogon.exe	22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe
File created	C:\Windows\lsass.exe	22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe
File opened for modification	C:\Windows\lsass.exe	22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2460	22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe
2460	22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe
2460	22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\22f0f2b120065dcac887b58242250c56_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\winlogon.exe

Filesize
100KB

MD5
22f0f2b120065dcac887b58242250c56

SHA1
b7e036b3cc8fb7fdc07c0153a14e96828ec736f5

SHA256
ba0e5df37ccf1c4c19ab5d87c158f8c1cd4085592ca3c7fb5a6f50dce0bca3ec

SHA512
a822b6cf5deb1d453a7ee6f4703ac2ba5576b62c1a3f636c480e41121ef45e2e3d1305c88d3321f3cd7ff27205b57a387ae4919465bd5a9fb065279755550027

Download Submit
memory/2460-2-0x00000000042A0000-0x0000000005302000-memory.dmp

Filesize
16.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads