98466abcabfc00e23150fd75d9965df690734c0346d764a7fe4745500a5866da

Analysis

max time kernel
149s
max time network
156s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 18:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe
Size

209KB
MD5

dccfb491cf2a219860f884ce39f78e19
SHA1

907a2fb3156f1848784d4164113db19243afbc22
SHA256

98466abcabfc00e23150fd75d9965df690734c0346d764a7fe4745500a5866da
SHA512

2aa790176eda1a227bc5396609f557c1d2c2eb3b5fed3169494aec77523a8aef733d32986e79ec0911bb21fc740841b9f13a8fcbad90e34024a7f67b281d25b1
SSDEEP

6144:hoC0VFyKDdij4UBYWzgBuTOq1eYmu9cIIAObdm95I:hqhDdij4UBYZkTOq1eYmkxIAOpmE

Score

7^/10

discovery persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1504-0-0x0000000000400000-0x0000000000642000-memory.dmp	upx
behavioral1/memory/1504-503-0x0000000000400000-0x0000000000642000-memory.dmp	upx
behavioral1/memory/1504-715-0x0000000000400000-0x0000000000642000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\privacynS = "C:\\Program Files (x86)\\privacyn\\privacynU.exe"	dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Application Compatibility\anglear = "259462204"	dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\privacyn_ad = "1"	dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1504	dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe
1504	dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe
1504	dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe
1504	dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe
1504	dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dccfb491cf2a219860f884ce39f78e19_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
679476e9cb593de13868cb5e6b468936

SHA1
e41b8ddefa82810e1c80d4ee27755cd4735028c4

SHA256
013a5b7775df593717d52d65db665d276c5a86c460c33f86640017200d965b49

SHA512
11f3e15cc98ed8c618f278a91ff75ed482b210d236fbcedddb1e5ce9f854c91c4b00986c6a605e9304e91f1f1da18ef67e3ab98bbcc455641babb61ce511a5dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e244e118e8a85292b8ccf6f67b062296

SHA1
df1ccaf21c4cd5e4bedbb901d78781ada3af381b

SHA256
ac0b783c778dbda617c2640a33843787e13d97c9fc36b8c10190e3fbfc90f74d

SHA512
2f4176e2e42d8a1c342666d2bf805dc24d0317433ca28ea80ee4fdb2caac495669be71d51c067ebab692d7a14146dd1597c8a1a48d20b552e291224752fce8e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d47e4e8da4cec1fa08d0b3af6cacafc6

SHA1
c95e89060a46123d09184ea6d4a5134a06045f18

SHA256
6f5f71148085d4b3edb09d7b1d194206eabc42ddc1b620e859ac85c68d80f0f6

SHA512
a9d1513c33cff825676032a20a132709cf596984f870e25f89bd1311220304818d547df59544dc155d80871ae4f0fae3c97163e81fce092cab1877994c0991a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21861d4851c0d4851349aa2915b0bac0

SHA1
d6ee713fc11309a13a726b449cd2e77d7aba2234

SHA256
dccf4db9572a9788db2185025e5d2a14e937b00ea49c16d243f5ec35b8f97575

SHA512
28a69490865997358319763e3348ca47ad805e53b502c700683e581acf54ac47c75065d446a23cdac060d855a3ee1fb761e80439b20e15851d30bc3218a286d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0184aca42a94b82b0f02c14fa41c4ad4

SHA1
f303729ec878ef0634451e2a9ea78055582db228

SHA256
9e702eb07a17602b84a0962535faf2e836560a183803ff0374f1bee59a5ec041

SHA512
80b76090b1827013393fd2568f7d471e4a01f4886a8b69926b402ee99194772b2c4bad4ebd5bc70eae973da601a651ba5f65762b835875febda982e75a3e249c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f94d52d120d8d462cff9b0af97438ea

SHA1
56417025365e177362fbd2d893a2d7f913e0fbe4

SHA256
3b2709aff73d1daf65f16129bfad66264616fcfd77ae6ea60b1e88637ecea1af

SHA512
32b632f78ddf170e2a9700b02aca47c3bbf87db5e378a921d96a882005532e5684c8daee2fa7cebb5a2a561bfcb48514df989954f8d51305b1f31bef7db9582a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4fcd14b91cac2ddccf40f5d9c394de8

SHA1
bcb093557e0377533b503fd9fac4ec1109ef0982

SHA256
814c59199795b00350680ef70ace8ce6a98ef083d47f9c323f66f4b74efe9997

SHA512
21edea1447fb3e2352b41b17e14d51a10ffd79a2b67ffc19c4bdd31595ec7d6a7d7c2f0b790cd3ffdbb0c636f61ae1ba14bb3d241bf2619d590c069972aa1404

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9454c5c0633c0c7e0bdb3e8209f17aa0

SHA1
ac86c0e41cf7fe92ed798d08518d5ffb715575e5

SHA256
61ff6e47f81fd221df95b4eadb6f425f0cdfa44afb21f2cac1d2bc5ec9287a3a

SHA512
014145a2060b3dd501a79ece49956deb9bbe32a1fe30f764eec9cdc62df29b1eb5eaedabe7a90ed5295de0566c5fa1b912e7e7d83a3b5854383d56f8aa416777

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27a97796008b5ce6baab2f7b4bae5f3a

SHA1
cf438b0196f094de0da2aca36d31fae2f4f6f988

SHA256
6084e63dc98564f42d6d1aac48ff42a6712ae288535c1dca2eb463ada70db22f

SHA512
4ee0c2f5ed2bf3894448935f678355a5da51fedfe34c3c49f155896f7fc68e888b08c06e195c094e93749139bb248aa30978c95f629ccc29fe704dda18cb30c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee50f6d11e4e910fb39980f70f3f1759

SHA1
0c7864218b6f78a72be41ed18f5fdba2d1092de7

SHA256
fd9948b93dac61950daed773778f7de6632e4254c8b3a1c3e4c86d9d678fcbb0

SHA512
dc7781c3cf82201aa1dd6c2695ee605a7e374cf53e889ae9053e7859a611c33337133416545902e3c0342a44b8dd770d1a7a1fa35ce4be3ca40c95bab064cc6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
f266f1867471c8d5f8d9482adcc7e7f0

SHA1
75ce481e021fee141665c27efc134a32a4b3a26a

SHA256
f03efdfac76f49a4685c772151d695ffcf6bf2721df2babf94a9838c7dbd52a1

SHA512
904871537e9ba00d40b1acf4907bf7838eef88750860f11bf070f9677abf99c0050a55bfdd2ddb0c8328a38b239fbf488376eb97e713e82fed68e3fc120a794a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1798.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1837.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1504-0-0x0000000000400000-0x0000000000642000-memory.dmp

Filesize
2.3MB

Download
memory/1504-503-0x0000000000400000-0x0000000000642000-memory.dmp

Filesize
2.3MB

Download
memory/1504-715-0x0000000000400000-0x0000000000642000-memory.dmp

Filesize
2.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads