0372900cd23aea21c3566a970a0e82a8670bf53de1dd3f85aeb32eaef1e33cbc

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2dd98feb7cdfaf9887d15645bef6921f_JaffaCakes118.exe
Size

664KB
MD5

2dd98feb7cdfaf9887d15645bef6921f
SHA1

41d25f89d9f6ad95ee63547f704f02a6380fedde
SHA256

0372900cd23aea21c3566a970a0e82a8670bf53de1dd3f85aeb32eaef1e33cbc
SHA512

3757aada8286e260d2cd2e7224405434155230948114d057ff57232cd26e29ec42e746490898805d6606e0e9caeda0c1a166f908d16f7cc7c544f38813a3c1d7
SSDEEP

12288:h0g2OzCIixclWBi/ebc+YOMb/y9uw0gUzo7zDKxZhIYizjakLiMoS:h0gGsj2bjMbGf0gU+qZhIXH/2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2068-0-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-27-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-28-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-29-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-30-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-31-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-32-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-33-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-34-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-35-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-36-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-37-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-38-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-39-0x0000000000400000-0x00000000005B5000-memory.dmp	upx
behavioral1/memory/2068-40-0x0000000000400000-0x00000000005B5000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	2dd98feb7cdfaf9887d15645bef6921f_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2068	2dd98feb7cdfaf9887d15645bef6921f_JaffaCakes118.exe
2068	2dd98feb7cdfaf9887d15645bef6921f_JaffaCakes118.exe
2068	2dd98feb7cdfaf9887d15645bef6921f_JaffaCakes118.exe
2068	2dd98feb7cdfaf9887d15645bef6921f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2dd98feb7cdfaf9887d15645bef6921f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2dd98feb7cdfaf9887d15645bef6921f_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2068-0-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-27-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-28-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-29-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-30-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-31-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-32-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-33-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-34-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-35-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-36-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-37-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-38-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-39-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download
memory/2068-40-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download