f541d406b2f2321d6bef52c1828a5c76d84fb16b4e3ba88e1ede8cdc1c09aed1

Analysis

max time kernel
150s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

463f7b574b8218da093a6ca10778e9a9_JaffaCakes118.exe
Size

174KB
MD5

463f7b574b8218da093a6ca10778e9a9
SHA1

c838eea73d3a8dea3f2c489ea7530d6e6cc2f2c5
SHA256

f541d406b2f2321d6bef52c1828a5c76d84fb16b4e3ba88e1ede8cdc1c09aed1
SHA512

23638bf1ed13b78151fb95f2eaf19dfb0131a587315e54e7997e83b2c4f56fe830c99d23d0e95cd286eee11844351de6017a76786b85c8eace9af68dc1012c05
SSDEEP

3072:PuM0i0qvykKi4JhwzE+9sbKmWUqBr/hXwvktLvhXrKJ9xaPbBpbe:PlvUbDwY+9sbiUqBlCkmnxGp

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4044	Hmusea.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	463f7b574b8218da093a6ca10778e9a9_JaffaCakes118.exe
File opened for modification	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	463f7b574b8218da093a6ca10778e9a9_JaffaCakes118.exe
File created	C:\Windows\Hmusea.exe	463f7b574b8218da093a6ca10778e9a9_JaffaCakes118.exe
File opened for modification	C:\Windows\Hmusea.exe	463f7b574b8218da093a6ca10778e9a9_JaffaCakes118.exe
File created	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	Hmusea.exe
File opened for modification	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	Hmusea.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Software\Microsoft\Internet Explorer\International	Hmusea.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe
4044	Hmusea.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4196	463f7b574b8218da093a6ca10778e9a9_JaffaCakes118.exe
4044	Hmusea.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 4044	4196	463f7b574b8218da093a6ca10778e9a9_JaffaCakes118.exe	87
PID 4196 wrote to memory of 4044	4196	463f7b574b8218da093a6ca10778e9a9_JaffaCakes118.exe	87
PID 4196 wrote to memory of 4044	4196	463f7b574b8218da093a6ca10778e9a9_JaffaCakes118.exe	87

C:\Users\Admin\AppData\Local\Temp\463f7b574b8218da093a6ca10778e9a9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\463f7b574b8218da093a6ca10778e9a9_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Windows\Hmusea.exe
  C:\Windows\Hmusea.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Hmusea.exe

Filesize
174KB

MD5
463f7b574b8218da093a6ca10778e9a9

SHA1
c838eea73d3a8dea3f2c489ea7530d6e6cc2f2c5

SHA256
f541d406b2f2321d6bef52c1828a5c76d84fb16b4e3ba88e1ede8cdc1c09aed1

SHA512
23638bf1ed13b78151fb95f2eaf19dfb0131a587315e54e7997e83b2c4f56fe830c99d23d0e95cd286eee11844351de6017a76786b85c8eace9af68dc1012c05

Download Submit
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Filesize
390B

MD5
91a6b3096b74f7c3479e08428a01bccc

SHA1
152049e14b8f90d0a270896c401cd79f73d7fc03

SHA256
c97ce16e199a92b24c5d76217ffd20533183d7cc04fb53d2e2824bab97442ff8

SHA512
974ac168d0be5078e7cae3da37bb48dda2af4698346a00cccf800594839356b13892939a5e8e2027bc30c1825fb009949c78c2d5501c38560c341da725102d87

Download Submit
memory/4044-68960-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-68962-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-8-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-68970-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-68969-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-45262-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-68957-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-68959-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-68968-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-9-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-68963-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-68964-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-68965-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-68966-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4044-68967-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4196-0-0x00000000005A0000-0x00000000005B1000-memory.dmp

Filesize
68KB

Download
memory/4196-43810-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4196-1-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download