81e9fdae84f8ab3f326927f01990390588c68c890f3630547c7960c6cc1906f7

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
Size

1.2MB
MD5

da9aa96c9630ec4e6d3afac19baac2f0
SHA1

4215e5ed9f8bc1be227788f5e23c9ee488290ac5
SHA256

81e9fdae84f8ab3f326927f01990390588c68c890f3630547c7960c6cc1906f7
SHA512

40a5f9c755132167d1a591e90ee5c6a15bcc93d529ae011a4724ddb77b4d6df987bfed0facf7fadfdc60f5572085e3e0bf380dd57bb645d951aa2066311ff6b6
SSDEEP

24576:/FlPiET3JkuWPPCIwyUbLFMbDJx21PC8tqj7jRXxT5oH:/niET3Jku0qpbLFMbDJSPx27XmH

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2020	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
2020	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
2020	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
2020	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
2020	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
2020	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
2020	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{24588FA4-10F1-41D7-B19D-6E22361E47FA}"	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}\Codepage = "65001"	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}\DisplayName = "°Ù¶È"	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}\URL = "http://www.baidu.com/s?wd={searchTerms}&tn=site888_1_pg&cl=3&ie=utf-8"	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2020	da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\da9aa96c9630ec4e6d3afac19baac2f0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst790.tmp\ioSpecial.ini

Filesize
605B

MD5
b2176cec17dd98c7fa2fc6c18ccbe608

SHA1
6c409c725fc3f736ecbf51a743f86a630022101f

SHA256
a70b834ba73ff8f2477d5fb64e5379754f2c1612419a6bfc36241373affed680

SHA512
a2bdfe98da19d1a23d38d16761965a9540ef0776b2c5d13e9178fbb1d803182275fa81eaadfeb61b68066c0d44804af031315f1b3a0fa514cc5aeabf93ef2bcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst790.tmp\ioSpecial.ini

Filesize
781B

MD5
27e147e99ea4f4f7a2a436264601d68f

SHA1
f6a2464df9b61ae7671c45e57007b3e65ebdd34d

SHA256
eebf415ad9626d92999f30361f9ffeae2a092f860f7b498eb69e5cc201d154cf

SHA512
afc0d43c7b7710987219e431599eeaae8fcce0393b49ad329272183eb1ea14dd74cd361754cc95379c52d6fbf6edabdd00b4119f338a762d31692ab44e61c0d1

Download Submit
\Users\Admin\AppData\Local\Temp\nst790.tmp\BrandingURL.dll

Filesize
3KB

MD5
9c3488b5e9655d1837c3963ecec33f70

SHA1
f0fa9b4c29e75c6e4419c4633d09f2797aee2ef3

SHA256
05ef4beb7fab9d04c1fb251874166fa2d73a34b4a7f2b145d37a2fd00c88979a

SHA512
6af9f88d65d2279a71620f2a656062b1737b3a9a1692ed4e5887bdee891ce08d21c5c0b25ab3acbe6da9fe255dcd7f8a517c2751e73dc56add216740c945e4a7

Download Submit
\Users\Admin\AppData\Local\Temp\nst790.tmp\InstallOptions.dll

Filesize
14KB

MD5
b18dfaded8f6d2380fdfd8f6b6969211

SHA1
969fa0e906240ab1123254feeb833c275626cf76

SHA256
747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58

SHA512
25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c

Download Submit
\Users\Admin\AppData\Local\Temp\nst790.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
\Users\Admin\AppData\Local\Temp\nst790.tmp\ToolTips.dll

Filesize
4KB

MD5
9a0da2692764bb842411a8b9687ebbb7

SHA1
5c3a459faa08a704bdf162476897ad4580ae39bd

SHA256
28aeaa48c929188a0d169887cc3f16370741467ae49e1db59763f030710a6bbb

SHA512
814d686617df4fe9f50a93dac9428babff3a14836aa27b4666976379ec3fafcab65fd82d8886998fa65e7b59dc192ca067cf8b4cdeb8ef551812912d80dab8ed

Download Submit