Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 14:41

General

  • Target

    afa11e19fb3ec24a5749e40c0f098ef3_JaffaCakes118.exe

  • Size

    48KB

  • MD5

    afa11e19fb3ec24a5749e40c0f098ef3

  • SHA1

    03c7a8d2546bf278fe68a50fe4939588d6780524

  • SHA256

    68b10c65645819bd5f12e080ab5f5eb4b0d90989d7b11629815361c322e5bd77

  • SHA512

    99e8c42248879460decda53156a203d76c419e2bdae103f57a12d4577744272ed5de21d61f7d46d3afb91b02125164f60c1b1c8106b33224afe9953fd41283f3

  • SSDEEP

    384:/TOvZce/+Pje/KLe/Le/tfF15m7T9P6xOFsiNm2XB/4251re/tfF17e/7e/KCe/s:/Kx9fvq5n0p/tNm2XBwOS5nC6mE

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 37 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\afa11e19fb3ec24a5749e40c0f098ef3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\afa11e19fb3ec24a5749e40c0f098ef3_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Windows\SysWOW64\explorer.exe
      explorer afa11e19fb3ec24a5749e40c0f098ef3_JaffaCakes118l
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2504
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg.exe

    Filesize

    48KB

    MD5

    55a07c5a65cf58d3d7024f96730172d2

    SHA1

    8a0227fd704da40c7a0f74ecc2ec09d75e721b45

    SHA256

    4c8272568f8839271c2ee0589898ce84d5c7d091a743edd2c19f0529b37741d5

    SHA512

    4799d78f6a5ee31f66cd61b5453e1cd792a8355ff8bfb522c0295ba77c453c93e6f1bfe27a2c6627ccb8cb4cd7d0c0828bbec7b1e07e17d5576665580ea72824

  • memory/2152-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2152-50-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2792-3-0x0000000003A90000-0x0000000003AA0000-memory.dmp

    Filesize

    64KB