cae3a60ae3304988a6af4916b291c6890b96e276c826ce23d8b8809d6e9784f3

Analysis

max time kernel
140s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 03:33

Target

65f829556241ff8849e7e60ac1406172_JaffaCakes118.wsf
Size

120KB
MD5

65f829556241ff8849e7e60ac1406172
SHA1

69077d59f3be7930d6536c24d871be3390d15e28
SHA256

cae3a60ae3304988a6af4916b291c6890b96e276c826ce23d8b8809d6e9784f3
SHA512

67c940243c415d1423adb75c99d3e2a877d558aa9a10f612c5f8438bdac6f506ef5d4325582714595ee6d082732c57a0ead2aa5f8faafc28bc7949870cb676c2
SSDEEP

3072:WcZzbvWoOpAHATWUnUB7fpNMpayB7FNI2TTZ:WOzbvROpAHATWUnUFpNMpayB77tZ

Score

7^/10

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Installs/modifies Browser Helper Object 2 TTPs 5 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

Modify Registry

Browser Extensions

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D64F819-9380-8473-DAB2-702FCB3D7A3E}\ = "BP Data Feeder"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D64F819-9380-8473-DAB2-702FCB3D7A3E}\NoExplorer = "1"	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88888888-8888-8888-8888-888888888888}	WScript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88888888-8888-8888-8888-888888888888}\	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D64F819-9380-8473-DAB2-702FCB3D7A3E}	WScript.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D64F819-9380-8473-DAB2-702FCB3D7A3E}\ = "BP Data Feeder"	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D64F819-9380-8473-DAB2-702FCB3D7A3E}\InprocServer32	WScript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D64F819-9380-8473-DAB2-702FCB3D7A3E}\InprocServer32\ = "%USERPROFILE%\\Application Data\\bpfeed.dll"	WScript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D64F819-9380-8473-DAB2-702FCB3D7A3E}\InprocServer32\ThreadingModel = "Apartment"	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D64F819-9380-8473-DAB2-702FCB3D7A3E}	WScript.exe