8688803da17ff3fea0dbee0f82ef3bc0ca5f095926e4bcec5b71a32145841fe1

Analysis

max time kernel
134s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2024 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
Size

528KB
MD5

aefc92303edbb291470e50aa4ecb2067
SHA1

689d9b0622160f29ee9c27a99003c7e3a0625ccf
SHA256

8688803da17ff3fea0dbee0f82ef3bc0ca5f095926e4bcec5b71a32145841fe1
SHA512

a013eae5eaf73a088f71b052e0536f2960fd1d71788613a8e727d1927945c86899932d218f128bb777658c112dbd2430ad28cfb45f8ff90a9d850d8f0ae3f217
SSDEEP

12288:LbwWRS5sc+ID9NODMQ7XJAK4PIjGKIR3OuvTus:jRS53NODMNPIiKIR3Ourus

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win.ini	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
File created	C:\Windows\a3kebook.ini	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
File opened for modification	C:\Windows\akebook.ini	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
File created	C:\Windows\akebook.ini	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
File opened for modification	C:\Windows\ANS2000.INI	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
File opened for modification	C:\Windows\system.ini	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\IESettingSync	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
744	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
744	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
744	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
744	aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\aefc92303edbb291470e50aa4ecb2067_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1524,i,1330210614411927383,9239043499051775691,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:8
1⤵
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e\23151-080615-124432-59.a2k\__cover.html

Filesize
5KB

MD5
abbc7cfb2dbb34bdbe5ad5dffde5ff87

SHA1
a66e727061b1582575261dd2d958b7391cef33e4

SHA256
5bc1dc04e15af49b7fbf3a71defc7786857d7375df99130e3439b7cce54df520

SHA512
35f68fc8ff52c6c4cef36718df37d2ca4c87ef61d1dc81ce20fcc3c77cbfce800bbf24f3c3e69426afb9191396a853b69703650a059ecccfaf0c1927cbcc6fb5

Download Submit
C:\Windows\system.ini

Filesize
276B

MD5
cc05f6f2afcd37b25a4fef064c653861

SHA1
1bb62269daac6e678dc9662b5d26f0c8f633afc6

SHA256
42652a01b7cebc19477940233bcd2c37c8519e9cba38c604eb67fb9f72fba500

SHA512
c65fab1229ec1487f56fa84f685f034e3155129c68b89cb4778e836fe133644076a4421c704103e54af416b4ba5c00db3d7822403ab7d6f9c705fef5db3da2b5

Download Submit
C:\Windows\win.ini

Filesize
182B

MD5
9977114103b068a2e18182909703e68a

SHA1
66841af067791920a213e1cf02224d711bcc53a9

SHA256
d2e1e04c95cdce248f3af64302b9b71bf1236188195524424ac639700db06ea3

SHA512
e52fe3685e14b60c5216207785a5a6db9282e60568e80c4cdedaacf5506197136d4bac629440b5445e8bf55c2de6d6d231263434d9507b7af6b92ed8d8986875

Download Submit