41bed82f0f5d814194e8f808cd6bf202014b90832da0e4692578bd520f0fd04d

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe
Size

1.7MB
MD5

2eb5e57901349258161ce900bb21405c
SHA1

2d4612231f713253cb515cc6eaecb89bb65e6ed6
SHA256

41bed82f0f5d814194e8f808cd6bf202014b90832da0e4692578bd520f0fd04d
SHA512

a3167959988c4922590ad46491c26450ec4101d88afcb1fbe61322c37a91c8ef97786ab7434f9fdf1ee68115e3edf5a644ec937be5035ab9e3d2b4809fb6bb41
SSDEEP

49152:9hb4yJp3sXfYVkUL8NPCbfli4lJEDAU5mucBPQBkJ:T4kQfA5L8NPCjli4lJB4SJ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2708	2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe
2708	2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2708	2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe
2708	2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe
2708	2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe
2708	2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe
2708	2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe
2708	2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe
2708	2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2eb5e57901349258161ce900bb21405c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E_N4\HtmlView.fne

Filesize
224KB

MD5
5de3e6de5001ba45853c1824babe0774

SHA1
ce238d98ad066e53810e5872168bc84fc4f325cf

SHA256
5aa45b6024eae73a509041d0e532afef7a4a7fb5fb7e5efce29ff04313a6977e

SHA512
3b9945f6671c47cad49ab7e43ee24e430e3ce1b4d761604246c69aea9f4b8449a3133e8a7c8cf9f851e99525e7deedac414381a86f4d95faa80a471b7cb209db

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
1.1MB

MD5
11696f334778bda9231aa6b72bbcdaf7

SHA1
09c604c90578fcbd4f596bdb013938a7523afbc8

SHA256
f1cd13f9ec76d87d4f5351ec5eee092fc530cde46bc71f74e0bd6c9fd7de9b9c

SHA512
071e8bd5ab8e4f12bbaf949c6979207257147eb8aa1d6ef7741ada64938721a15f8e78c6f74e74b642bdb5fde1e99b6059275c1e6b3d294f6e6c9071dd5535d1

Download Submit
memory/2708-4-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2708-8-0x0000000000500000-0x000000000053B000-memory.dmp

Filesize
236KB

Download
memory/2708-39-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download