43287bc27709d1ee1caf7f22598b1601e97c52c4757eab2262771ccf1f5dd116

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72109ca9e04ad6ae26245efac3881c8d_JaffaCakes118.exe
Size

652KB
MD5

72109ca9e04ad6ae26245efac3881c8d
SHA1

35256041e002371b98d8da0a0d8a00ff11c904f0
SHA256

43287bc27709d1ee1caf7f22598b1601e97c52c4757eab2262771ccf1f5dd116
SHA512

ab7b5354ebf036fdd1385f55ea2498a52112afdda34915725249017551220d41b6cee84f766ccddef737c4416bf6210386a7e2b2e3a0d1346e0909fc793c8a17
SSDEEP

12288:Q6kgISwvDAhXWzRjMCfrCC8ixsl2043YtoT7CIq8givXuev9Fpip:Qb/SwvgcRjMGWYpA58D/uOFip

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2040	72109ca9e04ad6ae26245efac3881c8d_JaffaCakes118.exe
2040	72109ca9e04ad6ae26245efac3881c8d_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	72109ca9e04ad6ae26245efac3881c8d_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	72109ca9e04ad6ae26245efac3881c8d_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2040	72109ca9e04ad6ae26245efac3881c8d_JaffaCakes118.exe
2040	72109ca9e04ad6ae26245efac3881c8d_JaffaCakes118.exe
2040	72109ca9e04ad6ae26245efac3881c8d_JaffaCakes118.exe
2040	72109ca9e04ad6ae26245efac3881c8d_JaffaCakes118.exe
2040	72109ca9e04ad6ae26245efac3881c8d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\72109ca9e04ad6ae26245efac3881c8d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\72109ca9e04ad6ae26245efac3881c8d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E_4\HtmlView.fne

Filesize
224KB

MD5
59f0a258fa01bce2a69d263bea890e40

SHA1
b12b47e9c7ea859967ed75facdce4b54f9911a41

SHA256
0352856a5f8645f90857baee3d6310e88215f6489b2641b2682ee6cde3b2d4e2

SHA512
588ac395416b3fca6580f5de872b49aa81a21f97ff482eae286072f4bffeeef332170a27fa866b4a425dffdf0f107d659637eaeda5035d8e8458e6d800c11ae3

Download Submit
\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
1.1MB

MD5
71520e2e016f657e0131181c093af6e0

SHA1
98b542d747b2dfd57ea69e42ffc8e6a6f05d18cb

SHA256
c77f7719ef55800ebc692edb5523f6becd83bdc25b8bc6f7dbff3c6243ef76ae

SHA512
d48758acc8767a78b898152efac9ce31e043904dcaddc0e60c3145bc7250e8384913833f33f717d986f2f9262a3e82ecde13b4fbece851b2b8b70af43a177b71

Download Submit
memory/2040-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2040-6-0x0000000000260000-0x000000000029B000-memory.dmp

Filesize
236KB

Download
memory/2040-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download