173ce2336195ad99543b3419d6389cfa60eef7e3b7dd0d98d47255a03c8debfa

Analysis

max time kernel
140s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ef6cc85e91982bf6c8971cadc52f43f_JaffaCakes118.exe
Size

65KB
MD5

5ef6cc85e91982bf6c8971cadc52f43f
SHA1

8e3d3e43310c412e4e7520590138bbdc54f306a4
SHA256

173ce2336195ad99543b3419d6389cfa60eef7e3b7dd0d98d47255a03c8debfa
SHA512

b9ea548fa05daec7c35b34105e8c07acfc7b79a1651fd48d94aef924c1681f7910043e9eb9734dbfe4b768426ab25cc244ae29e102e61d3a0d32d7595a6b4dcd
SSDEEP

1536:j6zbebTN5jVg/qHpHtE4GWoYYhc/QBx8pyL3H2:2zS3N5jV+qHpHtE4GWo6oBx8pUH2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	5ef6cc85e91982bf6c8971cadc52f43f_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2432	5ef6cc85e91982bf6c8971cadc52f43f_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2432	5ef6cc85e91982bf6c8971cadc52f43f_JaffaCakes118.exe
2432	5ef6cc85e91982bf6c8971cadc52f43f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5ef6cc85e91982bf6c8971cadc52f43f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5ef6cc85e91982bf6c8971cadc52f43f_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2432-9-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download