2b2f327d17c08c9d20e1201de1c00de8d1ae716e7aaa9d03d4057a6bcd4ba6a5

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 04:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4827ea4d92c923dd6259cc6eea5add02_JaffaCakes118.exe
Size

193KB
MD5

4827ea4d92c923dd6259cc6eea5add02
SHA1

5ff2635b9c20f8a577f4f30fc1d5b2de289bd6df
SHA256

2b2f327d17c08c9d20e1201de1c00de8d1ae716e7aaa9d03d4057a6bcd4ba6a5
SHA512

7c4fa880dc89d987d6e5e50b2a540e73176bf29d03a6646b0ebfd5706e1012d455ddfa4010e99d1b3d7b82c187c446a2f2706971d698e181902ec4dfdf8fa30c
SSDEEP

3072:H2LAYuJoPtzw2HWHVATMiFIpQXr6t5McaZgz2g0X:dJoPON1ATqWrkjT2RX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1468-0-0x0000000000400000-0x0000000000431000-memory.dmp	upx
behavioral2/memory/1468-16-0x0000000000400000-0x0000000000431000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Software\Microsoft\Internet Explorer\IESettingSync	4827ea4d92c923dd6259cc6eea5add02_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	4827ea4d92c923dd6259cc6eea5add02_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	4827ea4d92c923dd6259cc6eea5add02_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	4827ea4d92c923dd6259cc6eea5add02_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1468	4827ea4d92c923dd6259cc6eea5add02_JaffaCakes118.exe
1468	4827ea4d92c923dd6259cc6eea5add02_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4827ea4d92c923dd6259cc6eea5add02_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4827ea4d92c923dd6259cc6eea5add02_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\disclaim.html

Filesize
19KB

MD5
4407ba6a64eb8214288a301ccdb63021

SHA1
a72537c0095fb40938b6843ef8ce31c743a9978b

SHA256
c8e9940e1916bb8367e67857e9acefadc24640018cb45f2002281ba472143012

SHA512
c0b7488f22a89d1f5371f346d0b4b12dddef85998774923075b7d86eb2fc14173d341253464cba386ba98a9dba4c440d49ce3e520233e771fe42eb80c29d1348

Download Submit
C:\Users\Admin\AppData\Local\Temp\index.html

Filesize
18KB

MD5
9f41488c2a9ae75347d56a6a305f3cda

SHA1
f0cd1757e6382eb74d32fffaa50857d10d74a13b

SHA256
e415d5c314c58c0df0ec75cb60a5ea44a7a196cb449b599ffefa2741ddaaecb9

SHA512
4816f9884beab9330c8bff4f053ff65ad7ae6741a4543ef662c6b98c64bb8831078e77e8dc4ea329217bd164d381d02ac3f1643dd2e627fe7a1341aa0cf69a8c

Download Submit
memory/1468-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1468-16-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download