398cee93ef4fbcc306857da51d3c915301a9a027db60a9c9930455d07597bda5

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46d9a767e6cc6ee5f2b60741d30a113f_JaffaCakes118.exe
Size

670KB
MD5

46d9a767e6cc6ee5f2b60741d30a113f
SHA1

22aae3059b6c6545b0c5d0974fc73d8ac6837d03
SHA256

398cee93ef4fbcc306857da51d3c915301a9a027db60a9c9930455d07597bda5
SHA512

126c90cc3cb30220a1c910be2e467668e90d7e44cb3b946804f6830dbdac357b03a190aabfa577acdc5547075739374eff80319e234e0982c5364e0b11d8e178
SSDEEP

12288:j+tQY3u4/30tqXRzueOPrWuZDoZH88fgKxNOMfA33sUKpfcsFmcyouSKhK6udcKN:jGQY+ttqXRNOPrWuOZHHfRXA33OpfPFX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2980-0-0x0000000000400000-0x00000000005AC000-memory.dmp	upx
behavioral1/memory/2980-72-0x0000000000400000-0x00000000005AC000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	46d9a767e6cc6ee5f2b60741d30a113f_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	46d9a767e6cc6ee5f2b60741d30a113f_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	46d9a767e6cc6ee5f2b60741d30a113f_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2980	46d9a767e6cc6ee5f2b60741d30a113f_JaffaCakes118.exe
2980	46d9a767e6cc6ee5f2b60741d30a113f_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2980	46d9a767e6cc6ee5f2b60741d30a113f_JaffaCakes118.exe
2980	46d9a767e6cc6ee5f2b60741d30a113f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\46d9a767e6cc6ee5f2b60741d30a113f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\46d9a767e6cc6ee5f2b60741d30a113f_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\index.html

Filesize
9KB

MD5
9b8ede66fbd7dd213358d3ce85ca5515

SHA1
953d154e1a10be652e8296eea027222c3beb9d66

SHA256
3c411b586ce38d322c2bfed8cb57597b237482b3ba2dbaaebdb6d47f6b8caa2b

SHA512
32b6165dfe6a16beee9c53ceba4a582a9234811fe127564c6dd196ec6c23e4c90890266f88c32c1981d04974b25e9692e2e98351afcf4ac4d7ed9a1801e6ec2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\js\jquery-ui.min.1.8.0.js

Filesize
202KB

MD5
a4fdd77e182bd2fabe300a47b5617a35

SHA1
e002b335c75b5edefcd251962f61f53a2ab8e0f2

SHA256
8b59592d67eadc703af6cdd5ba8d077f9f9485d01fb6405555614335f89be99b

SHA512
ddcccde1c129f8f71fb39685abc615c4202b8b3dfc12cedd7d9cca2f97b308fc14b64497826421fa9df3d1cf54bdae9c085051af0a8d393cd3d556a6578d4085

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\js\jquery.min.1.6.4.js

Filesize
89KB

MD5
219073097031d9c1a95a1291d66f3a10

SHA1
2b7996b01d90b7f424f2a2e6063947461db4b2b2

SHA256
232066e3f6f1351afdaee1acb70c409766641fd5669e0b55ce7c77fac0a857ef

SHA512
9ad2745f96cf79a4d59393cc3fbb3958b244013f6798c12abe41e37fca80df3c7cedab4b47cbd197645c86b31077388ec8f01ea8d67c5feacbef95b1ae7582b5

Download Submit
memory/2980-0-0x0000000000400000-0x00000000005AC000-memory.dmp

Filesize
1.7MB

Download
memory/2980-1-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2980-72-0x0000000000400000-0x00000000005AC000-memory.dmp

Filesize
1.7MB

Download
memory/2980-74-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download