93010ce05fda48d1c116c660d19974de8814edff54a0260ef87d37b722a843f1

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
Size

414KB
MD5

b76f2dd18e555704fdfd1b212abd8fc7
SHA1

3310c4a45e2512c72f085814632161ff12a794a1
SHA256

93010ce05fda48d1c116c660d19974de8814edff54a0260ef87d37b722a843f1
SHA512

badfb1f68b01f365cbfb4987cd9cd1278b16bc75447c0cf4e7e3d12715239b0bf5bda15c53c4cda8536631d5b6f0a66b632929d69cf2b43e37e465d6dece8aa7
SSDEEP

6144:m/GzBKRBM7s3mRr+ol8B55sc+IDpKo/AAODMQ7Mp4ZlJAKEI/q5Dj83WI9:LbwWRS5sc+ID9NODMQ7XJAK4gWI9

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ANS2000.INI	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
File opened for modification	C:\Windows\system.ini	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
File opened for modification	C:\Windows\win.ini	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
File created	C:\Windows\a3kebook.ini	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
File opened for modification	C:\Windows\akebook.ini	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
File created	C:\Windows\akebook.ini	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2528	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
2528	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
2528	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
2528	b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b76f2dd18e555704fdfd1b212abd8fc7_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e\83408-040712-212552-78.a2k\index.html

Filesize
7KB

MD5
483104438e095b9906ba4850fd4177e4

SHA1
bb7dbe325fc71726c797f42cc3b1cdd8435e2362

SHA256
684bba6da5b76aec1a5234afec1162943db49252a5d4dd18dbee0afbb0cf92c6

SHA512
3d6fa3cfec54faa5cf86facd9d6803ef19c3bbb9d6f6c695775f85add2a2b508cbb8b407a3b375ab829937cf628a8e64dd95f8a53a03a574c8937738c897bb75

Download Submit
C:\Users\Admin\AppData\Local\Temp\e\83408-040712-212552-78.a2k\style.css

Filesize
2KB

MD5
d07c418be56a76cab52160596f51c5e9

SHA1
1845b428e288e833d406fd24c4e9be44ed130e00

SHA256
8863ecc303c7419247687e767a071f5cfc2ac4223f5c5fa2be344ec2a329ac01

SHA512
3a6ec4c079faf467ffe992ab64e60abe062f76c4ba797df16e760dc1d604fbe4cbd4f2e8b8096c9e439bce81ff1c5c9dcef3ef4fbafcefe22cbac8d5ceddcd8a

Download Submit
C:\Windows\system.ini

Filesize
277B

MD5
41baca013e7c06f59543a2ef6c3ac41f

SHA1
119f2d13e957e06611420c10b7851217befa1bd3

SHA256
76e46a0d5baede6b978d0b3054e57622fb202e5aba9a4b7292dbe018eac687b7

SHA512
7d94ff77e3206630bf044d68d5eb6cd0f1ddc4cd86cf0b3ceca96e9cf3073dd2805192a04f9b8ba5bf3308ef80008a7f55493e4c70cc7705885c8a255ecfd4d3

Download Submit
C:\Windows\win.ini

Filesize
569B

MD5
9b866d85beb3cd845ca72ce3145146eb

SHA1
0fa79ecbbd5f19e4ec9966f7d28d7ebfbe942ee6

SHA256
54919f01739dcb90fe0f0a15bf143728f76422368d231eacc5505304f1ad2d8c

SHA512
07f3ae90744410a3b714b00a98bc198026bfecbde236dd6aadabd47bcdb69262f2dfbbdb1217a4092a99bc9d468eb317ad33a2f2490bbd5f782bd4ca0097a467

Download Submit