179ae093169df3bcbfb64a84c1cbce62523d0712d5bd576ba4d080aa75cb8a35

General

Target

e143c4c006b24c78bd7c238f5cb383e0_JaffaCakes118.exe
Size

28KB
MD5

e143c4c006b24c78bd7c238f5cb383e0
SHA1

ef7f88fb7cb492227651ac5aca80fa55382ca52a
SHA256

179ae093169df3bcbfb64a84c1cbce62523d0712d5bd576ba4d080aa75cb8a35
SHA512

75fa242ba0f390bb3930898337670dc1b0497c0539feade4313f8dda4cceb19bcd89ee8cfc1fd609d3753015dfd67696ffa73d0306ec7551533dcf2f5967ad34
SSDEEP

192:/TisKUptVWskkyuteBemEzL4CL0JAV2xEqKUptVWskmJgmpbwY6aIEYFXD+ouj6f:/TisDp/Wi9Z2eqDp/W+gOAaI3goy6

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e143c4c006b24c78bd7c238f5cb383e0_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	e143c4c006b24c78bd7c238f5cb383e0_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	e143c4c006b24c78bd7c238f5cb383e0_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	e143c4c006b24c78bd7c238f5cb383e0_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2236	e143c4c006b24c78bd7c238f5cb383e0_JaffaCakes118.exe
2236	e143c4c006b24c78bd7c238f5cb383e0_JaffaCakes118.exe
2236	e143c4c006b24c78bd7c238f5cb383e0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e143c4c006b24c78bd7c238f5cb383e0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e143c4c006b24c78bd7c238f5cb383e0_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9a8a11f64cf1b46d16e4b458b5ef5d9

SHA1
54c65cd8dd322b71ffc3a601df15630dc8fbbe05

SHA256
d9d3742fbfdc180a9e7e4488413e53dcaa2e91b0ad4c8fec66efec5f5b02f509

SHA512
900826aca13dee9505ca48d789f14144a0e410a4d681ac6d9c005c12cee873756fa3055c54d6812ebfd109c2f98cdd1957782a85872ee6ce02ee1b7327ff3209

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82060ff184eb1bfc867e1104e5b8a2bd

SHA1
9fe06c87d6153cb0dee7750f7447deec4795c92d

SHA256
a2fa4ea173c0bc318e62fe532ffad341a1dfef2a344774d7ec0bc6a7f0f8a1ed

SHA512
483149ccf60e85e3931937d195408c788c8daa4df83cdd312f34ce897aacd3c03867c719bbb5314438946d1b41daefd326a20b0ab45e013db41eda700d766f03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00370156e90ca4823aae5aaabe1b3137

SHA1
9bb5fabee6b8957cb99b207643e6d3f4bb2faf71

SHA256
52fa6006a89b2f6c6152089419a02369deb453c5a3f02554180a02efe2900f5d

SHA512
bc02b2ca92afb562df0fdfb857a4ddffe0a9e6f36b3e38599cb8308e5cc1c2ad0d8ee4849a561fc55b9814e0c79e6f4f190534b524bda8894b66b94506039de0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ecc6a864bc2a43d2e40cb760a854338

SHA1
6d6f55fc2aea19b3046815a47c730415c02de7bd

SHA256
0e6c8d4040137286e0fd6603be7926482af903e8664f3ceec0b6dca28ef8cc01

SHA512
ce81a093a08010088814ab9453387bf774b7d26f0b6b55b1c742fab89585176e3e86caf316689072ed0ad703f1801c13d4681b685958bdbab214c351ebf677b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f633cc03f3ba6d14ccca5a6c8f1f83d6

SHA1
7103b49f1852fec7487ec315ce14c5c343143a90

SHA256
2b64eaae2877d68713ca9d2cada4761f924b8372a36a008650518bc2cc862308

SHA512
3fa803c52b8e73299c5df27cc733dc64e54e2c310eb13dbf3512560ad772a7ef2f4a679b7dd675813166a466f59c35630858960ed675dfa5ac4fe289e4820f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3CD4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3DB1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2236-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2236-3-0x0000000004B50000-0x0000000005BB2000-memory.dmp

Filesize
16.4MB

Download
memory/2236-826-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download

Analysis

Sharing