0b050b8614437b9a8ff6f100df43321d5cf3638a0f8a9ce63ab443dd35f09f26

Analysis

max time kernel
145s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe
Size

425KB
MD5

62ce4845cb304325b7a97bf2b308a3f6
SHA1

ccb02d5d3a6411c272dfc37ed6df79c344a52880
SHA256

0b050b8614437b9a8ff6f100df43321d5cf3638a0f8a9ce63ab443dd35f09f26
SHA512

e24dd9b2965783f4f24c2078124d038e89bc0e7f349c063227062d6891ae12f69289871329a62d04c4b6f77a5c118cec5201bae2c2caefbc17066821891bade9
SSDEEP

6144:PihflKlSP78ZBc3cJ0FOHhbq4gRJllYhxvJzg7DUu94g6AlZ+e3Dj4zcUB344M97:PlXbwnwbqRRJo/vG7ibU5j4Yf9Axj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
5060	62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe
5060	62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ESPI11.dll	62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ESPI11.dll	62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Default_Page_URL = "http://www.111ba.com"	62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Default_Search_URL = "http://www.111ba.com"	62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Search Page = "http://www.111ba.com"	62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe

Modifies Internet Explorer start page 1 TTPs 2 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://www.111ba.com"	62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://www.111ba.com"	62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5060	62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe
5060	62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\62ce4845cb304325b7a97bf2b308a3f6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of SetWindowsHookEx
PID:5060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tdys.dll

Filesize
120KB

MD5
6ded751b628ddb2a1c0c05f18858437c

SHA1
d1c98eb12d23975332ce59e17e8e1e3f3ad498fd

SHA256
6733977939a17dafb2e100c898fd0948095b6b33e8362aebe57ef7ea87db58ab

SHA512
554facab0a0d4b75504b0e3f9f8eda4ed0808e5397a214f3bf0c282542dfc2024c449b03c1aa9c1700307ce72ca88c1414650ec865b6e353b5d70f53aab10710

Download Submit
memory/5060-21-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-23-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-16-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-18-0x0000000000400000-0x0000000000401000-memory.dmp

Filesize
4KB

Download
memory/5060-17-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-19-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-20-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-0-0x0000000000400000-0x0000000000401000-memory.dmp

Filesize
4KB

Download
memory/5060-1-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-24-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-22-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-25-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-26-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-27-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-28-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-29-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download
memory/5060-30-0x0000000000400000-0x00000000004F0D12-memory.dmp

Filesize
963KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads