c6f27c548d2730b950e8d7d5a38f5e365da4546f846007ebe728aa787e1b9bc6

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
Size

1.5MB
MD5

3333365c75360e225cc78d423ee99aae
SHA1

a50207c6aacc5d45eb2547a692ed7c5b221c4b56
SHA256

c6f27c548d2730b950e8d7d5a38f5e365da4546f846007ebe728aa787e1b9bc6
SHA512

21b335f24e44feaef8c959517f0915259cfd03be39ef2d5e9ff10d85bb3b71a71577890dc3c9dd7920c2cd3dc9c73d32121e53f9ae81dc6f76db26e5d9e1ddcb
SSDEEP

24576:iubA6eH4k/lIt8jXRhQggqGTSqji0b/rxtf4RUmBdHUinmnmYPPvWhWvikoqmxo6:i0eYiXRhjgdx17Ftf8BdHpnDYPP+h832

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1712-6-0x0000000000400000-0x00000000004D6000-memory.dmp	upx
behavioral1/memory/1712-23-0x0000000000400000-0x00000000004D6000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://www.2345.com/?410"	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 48 IoCs

pid	Process
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
1712	3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3333365c75360e225cc78d423ee99aae_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer start page
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

Filesize
2KB

MD5
90d550505968923fe196e95990fbc797

SHA1
ef21757dfc97a8994b1350abc5f19d1c129fccc0

SHA256
ee6cbaac002384f07d9778a9bbdf339ff043ef82d8407382274504b3cd4b7abc

SHA512
fd577e272cca98f2d7f223d1a653517a35798cdb1897bab392ab04909b7ea1bd3a99428502bab569f8813362ba4863007963bdb54f52b2dc8932bc922e775635

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1KB

MD5
c91e34ed9af666701e782f7ddfe5439e

SHA1
dbf6e51c8cbf2416c91062c2fdc59db0eebe1bbe

SHA256
8583cf66f80ee6beecddcc96e2471f83bc65db333fee7c1ec050aabe13e98051

SHA512
b94d851bfccc98deb10ac14526742436b063ec81afbe568c4152c5131ba4757b82418b52b5192c0cc96633dd5806c37bc23f57993caab9955f51e887d94d1b9c

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
85652feb8f7e57e6c36dbac0cfa9a447

SHA1
163138f18de1e41e6cf41bac65e56c810761c631

SHA256
cfe4c80ccbe47012730c52232923ea02d6ce8614ecd82ff675651ecf12b2d5ce

SHA512
9953538e306b0194a97fd31f7d04aff01a48c36d59a02ca919077c9d768c233078d5bcc5b2ef85e21a6887a9552f3f9cd91d38d1fd63ed0dd52d5c81d049feef

Download Submit
\Users\Admin\AppData\Local\Temp\vlss\eAPI.fne

Filesize
328KB

MD5
cbd788f4c71b9776660d6e8473ae0e09

SHA1
0189cd47bfa5d1cac0d7f1a33953d279f60b02bf

SHA256
db0a6d7b75503daaf93c8e62ce67abd3afd57daaef4a448ec25a43d1de69e47e

SHA512
84bc02c67e3a3a9f77418b25afe7ec55e5bb5ca5a6c05503d94dffa57a30c7608e79bb4f83fe91c39ccce16872df2b3f9e7e5a8eafb4f563b1f961b93e9b8c94

Download Submit
\Users\Admin\AppData\Local\Temp\vlss\iext.fnr

Filesize
216KB

MD5
cba933625bfa502fc4a1d9f34e1e4473

SHA1
5319194388c0e53321f99f1541b97af191999a09

SHA256
25549c7781b3f1b92e73b0ea721d177207cce914a66f3229a71291f2eb160013

SHA512
f5fb4b97c4f68a20e0847e6528740ce659c4501726f3b2dff1ac83e88a3b7198099da03edb0f069cd4af7ed568a2373597b235cd239895addfa5226d3a444142

Download Submit
\Users\Admin\AppData\Local\Temp\vlss\iext2.fne

Filesize
460KB

MD5
6eb20bb6cafd6d31e871ed3abd65a59c

SHA1
ae6495ea4241bcde20e415f2940313785a4a10d2

SHA256
2b3fe250f07229eaa58d1bc0c4ac103ba69ad622c27410151ce1d6d46a174bae

SHA512
562edc1f058bc280333a6659fceb5a51b3a40bea7aca87db09b0cc1ca1966f26f2a7e4760b944e2502e20257544f85cf9c32f583f1dec06271a35dcfb8fa90f4

Download Submit
\Users\Admin\AppData\Local\Temp\vlss\krnln.fnr

Filesize
1.1MB

MD5
638e737b2293cf7b1f14c0b4fb1f3289

SHA1
f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

SHA256
baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

SHA512
4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

Download Submit
memory/1712-6-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/1712-12-0x0000000000340000-0x0000000000384000-memory.dmp

Filesize
272KB

Download
memory/1712-16-0x00000000021E0000-0x0000000002263000-memory.dmp

Filesize
524KB

Download
memory/1712-20-0x0000000003820000-0x0000000003881000-memory.dmp

Filesize
388KB

Download
memory/1712-23-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download