1111c6d4e534b6a777b8c22194e97ce2218436ec0767deeecf24c020d3ff452c

Analysis

max time kernel
141s
max time network
142s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6848415f63163335950d942ec05925d1_JaffaCakes118.exe
Size

129KB
MD5

6848415f63163335950d942ec05925d1
SHA1

120a89c8619a572052bb5796f7ae27b0be4f5ff5
SHA256

1111c6d4e534b6a777b8c22194e97ce2218436ec0767deeecf24c020d3ff452c
SHA512

ad95ab25d9af5a61612aac523471456ff7106bb5456e071d7697710ad3ba031162382e35dd45516a8ac6c1f99fcff057f027078f45a24e6ef367363b6ba34802
SSDEEP

3072:MQIURTXJN0ZLpPVcBeNoWAlZEIKhkoQjrOSE:Msv0ZlPKQovlnKh+jrS

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2316	BetterInstaller.exe

Loads dropped DLL 1 IoCs

pid	Process
2220	6848415f63163335950d942ec05925d1_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6848415f63163335950d942ec05925d1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterInstaller.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	BetterInstaller.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2316	BetterInstaller.exe
2316	BetterInstaller.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2316	2220	6848415f63163335950d942ec05925d1_JaffaCakes118.exe	30
PID 2220 wrote to memory of 2316	2220	6848415f63163335950d942ec05925d1_JaffaCakes118.exe	30
PID 2220 wrote to memory of 2316	2220	6848415f63163335950d942ec05925d1_JaffaCakes118.exe	30
PID 2220 wrote to memory of 2316	2220	6848415f63163335950d942ec05925d1_JaffaCakes118.exe	30
PID 2220 wrote to memory of 2316	2220	6848415f63163335950d942ec05925d1_JaffaCakes118.exe	30
PID 2220 wrote to memory of 2316	2220	6848415f63163335950d942ec05925d1_JaffaCakes118.exe	30
PID 2220 wrote to memory of 2316	2220	6848415f63163335950d942ec05925d1_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\6848415f63163335950d942ec05925d1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6848415f63163335950d942ec05925d1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\TempDIR\BetterInstaller.exe
  "C:\Users\Admin\AppData\Local\TempDIR\BetterInstaller.exe" /affid "lionskin" /id "8skinpack64" /name "8 Skin Pack 64"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ef871747f51b87701641ce3dd49edb2

SHA1
262003bc8f5642ffc673687f0c0a1ca74ed2f595

SHA256
88ac77da708dc421f3dde6e29f2e88dbcb28f3127c8ef176e8f54a4dd2d27f9e

SHA512
4308d5a045913647d3256450caa9753f69fd51a07cadc18b3941d0e25a8aad07a18e8d0af7440373c0940eb5378f1c95ae4d9756f0c7c4fa358088fd77f2b537

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa2474896445e1a1e15ec4fb5ee26d47

SHA1
ce9234f3059d98298244797d75ad478d7524813c

SHA256
2e4bcc39c11ce16cd9949207c0165259506ce15995b451dcc0ab9acf4d0c6259

SHA512
31349ac82a7ebca60478ee4487d5de77970c32b45a8440cd1cc461f9c19e00443b4cdf50d3c8d75e2207d0802a4be0c2cf57498376bb463e58f6b50340cc230b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6042724ee2aa414092b92ed1ceb36b24

SHA1
aa9c57de3f54c1bfad81e2c6aec7e4a177fa5baf

SHA256
e53f5c238b3f33524f59809b68097687b5a7a162c4978904fd0be389c6b34c81

SHA512
3e5fe8baa1d2a22ffd30a8588f43fe3c1088b610c2518b2fe15ee91c14f91f78e6f4a27036d89d2198bc0cef9698fd2e787b1da814406a40704163076362987e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acf9ba35363d4c91b6f100a993b1bb8c

SHA1
4cffc400618666a72157ee21cff75eea91dfdbaf

SHA256
b165612a71747528ce3283f9706fde854550be536f13a93f1597b6466a151729

SHA512
5848ba524f99f5ad30015b0e791ae5dec9ec4ce8077318c1e6b0a18a01f2729f6ced56ef7682d95a7e2679a438e7ecc73b54cbfefd7995a8dbc3f22b735dba4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
719f94916644ec24a8cee8f2ea969011

SHA1
11d25d9ff2abe1012953c62a3659d93a77d15fad

SHA256
65bf481c1e10e4ffec9366284f3edfd917e7e078e69e2230d47c28e8ed16d123

SHA512
3e7ee928c084bdf51560188565af13c6e4f04e4bff84fa398f6597b570779ab77a29860b24923b813ba43824402ac769a09a62491538801d345e3fc5e31ff30d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
467e08bca8ba3243ebd601c7699edaa8

SHA1
b077fee00060181d5f482fe9d40974df2efe6b9d

SHA256
beb9974ce8e573323c2a4dd528f115a9c71d5aa4d077696955c0d121fc845c6d

SHA512
5d2ff12efca87459eb0ffb2e038fd917f87b313d454cda59e73c056ee1aa7df31c05b95d1e093149198e700d38baa47877913a770ad103716facff6624362d62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bdcbaf78e5978667ca7920a7db77f69

SHA1
0e6e4d8cf208a60711c6570b547082d45220cead

SHA256
36a4898e433d75de585930062912c4b013d303bb62ace3fec5cbd2e8088f7b22

SHA512
b7c62c5eeb6f30c24e880cbf5b32216cf20da9d83e2b76ba8273d04b2163841ed5ac15044d61dc0451078b4da70e3bba6966dbb462e854c651bd9e6330d4448b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a421d8d6dae6bc8fe61102ec572ae9c6

SHA1
51580fe35db8dc7f98114ad3886eb8bbab3b27ec

SHA256
68a7591feaaf562b6d5b8e61cfb322d92903deed2437b731dbe7217fe803b219

SHA512
fd4217141a95859bd043bde0ff59941785a652b9f21040e727625e605f61575c22fdf33ee38a0b4d4c9dee282c13ea5d7c18e32f7605a07b6e3ff2f8e3fadfe9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9564e1cbb4debfdb6d1969a5e263c809

SHA1
cea7d4ec801d470ebadad781b28ec86098cc20d1

SHA256
a20ba29d0d015235f3f0a4d6a621df27592f7bda8f4b8973a44ebdd4911e6b8c

SHA512
503d113a5a65ef04a13473949e0dfae821080d12ac05080c2fcd0ea15a8ab36bdef9956bf93350f02bc56c69c9ce24d1db559455d033c39a76a364724967a562

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA8EE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA97E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\TempDIR\BetterInstaller.exe

Filesize
193KB

MD5
9f633bcbad2408a47022010192d60863

SHA1
285a99a70ba7f9c85e0e572bfb69c2c648415d9f

SHA256
738a98aaf02f6f3077dc91aee772649f7bdd917bcdf0915ac7b3b449551ff7df

SHA512
d41fe61777ce34907f8c03e66bd4c07374ab21a988556572424dd7ceabeccf7ac0bd416710abc9a6a2749dd649bc7ba9e02b49c8ed24b58a57b132980609a3f3

Download Submit
memory/2316-7-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2316-470-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download