e6e9f8b85bd6cad8044b302e196f332446ceb07f1277b0f79b1cb5d13afe7df7

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 23:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

606ed7a2714e2dacb1c59667032604f5_JaffaCakes118.exe
Size

47KB
MD5

606ed7a2714e2dacb1c59667032604f5
SHA1

905c2ab80ceb9607dc558fc4f95d2eb6e0902d6c
SHA256

e6e9f8b85bd6cad8044b302e196f332446ceb07f1277b0f79b1cb5d13afe7df7
SHA512

9af53b195f4bc7d8c5bbbdb25daf90d5fc848ead69d886cde5f1a74d42b06f903f7e9ee5e7127eef3d1b3092b4cb4f9ce40460bcc7ad8ba9a612c9519d740fdb
SSDEEP

768:O6qdGBoYK90+fTYq5HMu+qFKRTDa/QHeja8BV/WCFoZfaXg0xoxOdz8gn2891Ot7:OJdSbKu+ziEAa/QOa8fRFA4g0GQFXn2s

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Local\\Temp\\606ed7a2714e2dacb1c59667032604f5_JaffaCakes118.exe"	606ed7a2714e2dacb1c59667032604f5_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win.ini	606ed7a2714e2dacb1c59667032604f5_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\	606ed7a2714e2dacb1c59667032604f5_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	606ed7a2714e2dacb1c59667032604f5_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\startingp = "89857295945"	606ed7a2714e2dacb1c59667032604f5_JaffaCakes118.exe

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	606ed7a2714e2dacb1c59667032604f5_JaffaCakes118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1"	606ed7a2714e2dacb1c59667032604f5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\606ed7a2714e2dacb1c59667032604f5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\606ed7a2714e2dacb1c59667032604f5_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- System policy modification
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win.ini

Filesize
15KB

MD5
4d19da35abe9dbb06630d76b0bde7877

SHA1
30425609dfc6a34f146a1ba10401b35acbbd98df

SHA256
eeac61c07b6811e8180fb03e2e6d18f2b3f83a8ac8c8651ffc43909c5e82afeb

SHA512
e43d0092d03d864020823963ad551d6fd7d28a9d6040ee3208c01727c612a960be0fab7e234c9c3b48cb534cc81eb76c49bef13d03c5a8dd131afee06da0756d

Download Submit
memory/1500-96-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1500-95-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads