54aabeaa5e24f2e75247438b2dbe08843224a4aa608dc4405d08a36bd858caa4

Analysis

max time kernel
141s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 04:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3354c19e87e052e4ac053a096c523a0f_JaffaCakes118.exe
Size

6.2MB
MD5

3354c19e87e052e4ac053a096c523a0f
SHA1

6aa72d1b3c47e38c2099ce52d502223c11baa067
SHA256

54aabeaa5e24f2e75247438b2dbe08843224a4aa608dc4405d08a36bd858caa4
SHA512

344dc95b86417c07b13bf65c9f2649589f41ac79bf5f7be599f872c6e0f3e85453838f100ee7b3432dc202f8a499909666a2deff23b74453b922f48842cc6d4a
SSDEEP

49152:EQFRHrmQG+dQG+QrzrmQG+dQG+X+dQG+9rpQG+dQGuG+XrmQRQG+dQG+X+dQG+9I:EcKewe9aeh+e9aeBaehl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1592	ufogy.exe

Loads dropped DLL 2 IoCs

pid	Process
1948	3354c19e87e052e4ac053a096c523a0f_JaffaCakes118.exe
1948	3354c19e87e052e4ac053a096c523a0f_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	ufogy.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1592	ufogy.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1592	ufogy.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1592	ufogy.exe
1592	ufogy.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1592	1948	3354c19e87e052e4ac053a096c523a0f_JaffaCakes118.exe	31
PID 1948 wrote to memory of 1592	1948	3354c19e87e052e4ac053a096c523a0f_JaffaCakes118.exe	31
PID 1948 wrote to memory of 1592	1948	3354c19e87e052e4ac053a096c523a0f_JaffaCakes118.exe	31
PID 1948 wrote to memory of 1592	1948	3354c19e87e052e4ac053a096c523a0f_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\3354c19e87e052e4ac053a096c523a0f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3354c19e87e052e4ac053a096c523a0f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\ufogy.exe
  C:\Users\Admin\AppData\Local\Temp\ufogy.exe -run C:\Users\Admin\AppData\Local\Temp\3354c19e87e052e4ac053a096c523a0f_JaffaCakes118.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ufogy.exe

Filesize
7.9MB

MD5
7eb38a5101fefebcb47ef9d68f8a9a05

SHA1
147160a570e6b8cc244df97bd64d1f215e2bcb17

SHA256
e41bd9e8f7d20d61d019d739f39cdcec0593867c67ac221e0021bab21db493c3

SHA512
4af22aeea4e793191bab442a4d2f5a421daf1217f059e133480ce09d8ccb62928cb92d9a3242134a8afa2525c7b36db33b5e61c42256cfb75f556cfbad7fb5c2

Download Submit
memory/1592-62-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1592-51-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1948-16-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1948-13-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1948-33-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/1948-32-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/1948-31-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/1948-30-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/1948-29-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/1948-28-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/1948-27-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/1948-26-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/1948-25-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1948-24-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/1948-23-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1948-22-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/1948-21-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1948-20-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/1948-19-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1948-14-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1948-17-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1948-1-0x0000000000320000-0x0000000000370000-memory.dmp

Filesize
320KB

Download
memory/1948-34-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1948-15-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1948-18-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/1948-12-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1948-11-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1948-37-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1948-10-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1948-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1948-8-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1948-7-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1948-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1948-5-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1948-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1948-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1948-2-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1948-35-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1948-50-0x00000000032D0000-0x0000000003406000-memory.dmp

Filesize
1.2MB

Download
memory/1948-36-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/1948-48-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1948-47-0x00000000032D0000-0x0000000003406000-memory.dmp

Filesize
1.2MB

Download
memory/1948-46-0x0000000000320000-0x0000000000370000-memory.dmp

Filesize
320KB

Download
memory/1948-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1948-64-0x00000000032D0000-0x0000000003406000-memory.dmp

Filesize
1.2MB

Download