b769ee9ed715753098ff5769bd09b322ca1036cb19e58a6c6efb09b56b9c5a97

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe
Size

459KB
MD5

85f89914b30e5ec455c857417a9df43e
SHA1

8497d05bf6fb3617da74ce7674e74852e5f72f00
SHA256

b769ee9ed715753098ff5769bd09b322ca1036cb19e58a6c6efb09b56b9c5a97
SHA512

a4c926677ff7f4efe465df0222e3f2237845497f310b00f57bf65007d2f8e1b121210fa8f474859f2e0d2c604057f867e24b70070120ee25dbd02df086d24697
SSDEEP

6144:m/GzBKRBM7s3mRr+ol8B55sc+IDpKo/AAODMQ7Mp4ZlJAKEI/q5Dj8+ISi8njA1D:LbwWRS5sc+ID9NODMQ7XJAK4vIonsD

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\a3kebook.ini	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe
File opened for modification	C:\Windows\akebook.ini	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe
File created	C:\Windows\akebook.ini	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe
File opened for modification	C:\Windows\ANS2000.INI	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe
File opened for modification	C:\Windows\system.ini	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe
File opened for modification	C:\Windows\win.ini	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1712	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe
1712	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe
1712	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe
1712	85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\85f89914b30e5ec455c857417a9df43e_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e\27143-100630-171146-53.a2k\__cover.html

Filesize
5KB

MD5
69333b52b3c84f7d51b592b24c96eba0

SHA1
e23fb1428ec14283afe4c57ca6254ef5286e6e5c

SHA256
ffdc2c2e0be61878d1420f69583a7541c4a73b1ee0e3b5e3276c1d2cdd41d431

SHA512
805a86990815bd90a1b48f744719d65695d42dd80934816ef19b8eaf4df987d2bc7e8521096a769f56f38d8f87c6b84292b777a915e8cc02f5b7f923c2209aa6

Download Submit
C:\Windows\system.ini

Filesize
277B

MD5
1b1fc57853727a0d2ad5af8c2db7abc8

SHA1
e3ca48bede6af522db49bc74f210e2fe4f0bf829

SHA256
4577614b37411fcd3c801e4bd1284690cce1b5c552429de3e1cd710cd2ec2145

SHA512
3255a50cb8544778ed553e837d8f3d869d98623a38987d9beac8c8a14cc4639f1a0e8d0a2be4380c87c41d144de2f8437259aa70739ba55d9651548a6ae23909

Download Submit
C:\Windows\win.ini

Filesize
569B

MD5
04367699fc54bc903322faf5967f7d4b

SHA1
eb32010402af99a4d0a646ffc8870b2ec320f3cb

SHA256
021d98c2a92e009554459cf0c3ed73cef918c38082aa36926b6bb138d513f355

SHA512
b8bb53890fecb19beb6444cad3635e1a44a9c9347b5a15c78584b8de2e3336adb985714a7a4309e86cdd33a45d83211540daef406e952f054a7e9aac83422800

Download Submit