18a4b7196aceb2d5f2bf87b608592fbaffc857c6cc433470f257b983c4a091af

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe
Size

546KB
MD5

352a1c5f047c13aa6cabf58d1c0a3842
SHA1

d80d4f445588f7b96238d2e2059d0cc3ae17ba2a
SHA256

18a4b7196aceb2d5f2bf87b608592fbaffc857c6cc433470f257b983c4a091af
SHA512

58b7b3320bb02c021d80b41ad90993783e3ccb799456018edfb0bcfd0ac99d777130191331d2ea84355c1accdef4d6b228104cab4aaf649098649b471fb37496
SSDEEP

12288:LbwWRS5sc+ID9NODMQ7XJAK4rIv2zlmGECxoikfD:jRS53NODMNrIdGEikfD

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ANS2000.INI	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe
File opened for modification	C:\Windows\system.ini	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe
File opened for modification	C:\Windows\win.ini	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe
File created	C:\Windows\a3kebook.ini	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe
File opened for modification	C:\Windows\akebook.ini	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe
File created	C:\Windows\akebook.ini	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2356	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe
2356	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe
2356	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe
2356	352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\352a1c5f047c13aa6cabf58d1c0a3842_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e\49687-080513-143629-87.a2k\__cover.html

Filesize
5KB

MD5
5b83df6e8b0d9153427f3afc6e306179

SHA1
13ac49c49080b3388d847ae52dbd32abeb76d832

SHA256
5889caba121fd87621747d27c7e9f9aa22ce63a3b60dfc7badc98a075df3d39b

SHA512
f0b31d2c9a66340b42e1c81d987923f92be290d4739815676f56c721c519f7918396d745c0dfa5acae3f8f9e6be0b8c91b0841f1ce84427cf156beaad59d7ac8

Download Submit
C:\Windows\system.ini

Filesize
276B

MD5
06c012f710b9f3c19b26721a983c57fa

SHA1
2ac2cbb9804a61da5087f8ac089ebe17c81a9892

SHA256
d47082309e46c632dcb4cb20783204f2afc94ef1fa3f6b18f98fdb509241ba5f

SHA512
b4368095ed231992d0713babfb629fbabbb839fa12c7893d277c1e759d5b561ce9f155e8cfc2be622febd307a075b932a555d1d1137100d8a407eb99c08e0592

Download Submit
C:\Windows\win.ini

Filesize
568B

MD5
12dfa2ea9539da2b55fac2967a2b4f85

SHA1
9a9e9a37c4449313476d7c0c1bd6e7b5c48fedf0

SHA256
ed15df27863cbf4801e62337695467b1ba3ceef4bbded1e7ef2a1ac7c21a74e0

SHA512
7c051ae99819246e08efd79f43e60a6ca5b302092ae097b5df76b830120da6bc8319b425146235cf30524804af83a0f3e04e9985897fc84f96a94bc517c8c3fd

Download Submit