Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/07/2024, 07:37

General

  • Target

    26c3ce51ea5f512973518a41c46ead42_JaffaCakes118.exe

  • Size

    152KB

  • MD5

    26c3ce51ea5f512973518a41c46ead42

  • SHA1

    e8ff6e516cd820311eea653c12f85c1430a3ce5c

  • SHA256

    3194d2072144a376ea7b6134f465586ab6ffb4be8a392d4dc274d18f5977cb71

  • SHA512

    7a8efe8e8b6a114bf0eaffd940047db90b0bba30e4dbb163d5daec55d8481c48f9ac5694775768e0d049fd9d54a9b1dffe1763cbc538624d5726dbd6f159687f

  • SSDEEP

    3072:ltCzs/mVASDVnwevtGjg9DPXcEE+uFXx6kOV/wa19kjygULCO42J:Sw+GSDbvZNUvxVADVYa143UL54u

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 1 IoCs
  • Modifies registry class 27 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26c3ce51ea5f512973518a41c46ead42_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\26c3ce51ea5f512973518a41c46ead42_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2792

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • \Windows\SysWOW64\msxml71.dll

          Filesize

          126KB

          MD5

          2777f5941dc359f2a6fcc46a42b8a2c9

          SHA1

          fe67ffb19044c2365100e1fb78cf3e36348a1ef9

          SHA256

          fec18fac14e2ba839b9b39565d723b01e103a9aa10d4f7d419256802d4676494

          SHA512

          98b28ff12bfc64a8d105d9438b43942dfbe633840d9a15d4b0a56e294048c6c53bb8dc14f8d5852c53224d7542662ec551e3fa1edd0b2937bc328307033eedd3

        • memory/2792-3-0x0000000010000000-0x0000000010061000-memory.dmp

          Filesize

          388KB

        • memory/2792-17820-0x0000000010000000-0x0000000010061000-memory.dmp

          Filesize

          388KB

        • memory/2792-19980-0x0000000010000000-0x0000000010061000-memory.dmp

          Filesize

          388KB

        • memory/2792-32494-0x0000000010000000-0x0000000010061000-memory.dmp

          Filesize

          388KB

        • memory/2792-35639-0x0000000010000000-0x0000000010061000-memory.dmp

          Filesize

          388KB