Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-07-2024 15:18

General

  • Target

    423b82f9d31c45b9e4f21a4fd3d44a3a_JaffaCakes118.exe

  • Size

    30KB

  • MD5

    423b82f9d31c45b9e4f21a4fd3d44a3a

  • SHA1

    19df8a3cddc1749efaabc676c3a7fd166f09ce08

  • SHA256

    413e1290ac4c05e72922247fe1320021a0b2205bfe5c078d71f810cd52728e2d

  • SHA512

    7670fd62b6ac30dad5cf4f66f68c178cf814dae03cd55a7cda38dc9ed84b1f6db0fe2b5ae27fbbef5564cc0a082c594037661eef206637efcd13eed22efa4e3f

  • SSDEEP

    384:lPeksTGGfqTuEhGXDRWthzA9Jr2bpdRKDF9fb/WsYUZP:lziouEhwDRWKJr2bpSnfbOsYUh

Malware Config

Signatures

  • Adds policy Run key to start application (2 TTPs, 2 IoCs)
  • Loads dropped DLL (1 IoC)
  • Installs/modifies Browser Helper Object (2 TTPs, 3 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory (1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 3 IoCs)
  • Modifies registry class (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\423b82f9d31c45b9e4f21a4fd3d44a3a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\423b82f9d31c45b9e4f21a4fd3d44a3a_JaffaCakes118.exe"
    1⤵
    • Adds policy Run key to start application
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    PID:1996

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Windows\SysWOW64\ixt0.dll

    Filesize

    19KB

    MD5

    f526ae4dc8f336712e8920c346f9387e

    SHA1

    258b861ef1a8eaaac5407bbd2356ad4e1ef5e7ff

    SHA256

    92591978c8256c9d176428ab32fa2ff3f3d719257a3a0837b83c07a08c31e522

    SHA512

    52525e8d6f51b75ce1b7f233b76919e97d4d92b08004c942bfe9a12aacef49a5e06905033024c217bda6d22f48d9b5ddee1a3e048380d4cd2c52e45955386bf9