3a9de56b3293f5644da325fc8c8ca80e257b8e9dd98844374a6a8ceac7b8c973

General

Target

e17e2a0b4f4b65330a87f1a1f59fafa0_JaffaCakes118.exe
Size

40KB
MD5

e17e2a0b4f4b65330a87f1a1f59fafa0
SHA1

3674b38edd78c6905d07b4020797255cbe52cad2
SHA256

3a9de56b3293f5644da325fc8c8ca80e257b8e9dd98844374a6a8ceac7b8c973
SHA512

d619dd0d31141e193531156987ee0e31c0c94d8e31ea404946eb392c2a7edda9f3db33cd24b82edf6a0ee12987e9592a2077d3e76fb398366ee90fc27d4e58ee
SSDEEP

384:7ucREPjBk3cB1qCxF2ARK5+jZFAfYSly2WTTTvaMD9srdsW3WfW:7uVq8AAU+LSjWTy2WQ

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	e17e2a0b4f4b65330a87f1a1f59fafa0_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\services.exe = "C:\\Windows\\services.exe"	e17e2a0b4f4b65330a87f1a1f59fafa0_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	e17e2a0b4f4b65330a87f1a1f59fafa0_JaffaCakes118.exe
File opened for modification	C:\Windows\services.exe	e17e2a0b4f4b65330a87f1a1f59fafa0_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e17e2a0b4f4b65330a87f1a1f59fafa0_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3060	e17e2a0b4f4b65330a87f1a1f59fafa0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e17e2a0b4f4b65330a87f1a1f59fafa0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e17e2a0b4f4b65330a87f1a1f59fafa0_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
ae4c4daa4ab9996c5d2a0d8de49dec37

SHA1
0dd307f8e8910afd5a7f39a79ac2105d2b0151c7

SHA256
d3a67abb82ead170a58fd9620fa4ddc5fa89006ffbce051a16a139c012e53d95

SHA512
fefa397731619c98a8fb62232f3342734db85d19196048e2442d3624e2d7efaff0e685e3a74e5215cf570edfe19f103b6a3b253b561b6863ee76e8029d035543

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
91367b7b0e2594477de43f2cf5a021d8

SHA1
65ff9b110e56be500fd41dfc50978a315416733f

SHA256
5b7ef1b3f4cf6a4e2ff52e78b8def8092c375daaecf107922a255913b7caec76

SHA512
7bdbad9a7ae3bc8147f0a6f704e90d9b8d26447cc07475bfa850b9e89bf52d1c14978c4b861ae436c29f7b405762c851d9143e34c967ce2fa422c12b294a74e4

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
a7d6782934bdb957b2f1b771f9ee1aae

SHA1
3ef43e5f41193d550604ec745678d35faa3e48f2

SHA256
5054b48355c8a71862d5f712f4857cbdb8e189c06102a9022170125b47b92898

SHA512
19e9fcd5a003c13111ae0abbd5bc39ffb9fee1ddf982586ac8a1c1bdf93d20a0695ae46edbfb297736be38d5fed37c61155fffad33345e574a4f4d83debab63d

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
e7d5d4a797121d65930067c33e8dfd7b

SHA1
2efdeab58f18d5a0bc7d9467db1b9e085f5406e3

SHA256
83bfbd5b4711d425f9f6adc00cd02e5ac1bd1d4ee0b63e91ec636990f303b308

SHA512
a7e0cfd816ffd7d18e801f9e16d5cd2d4b887d8943897942d212b0b82b9cb3cd62924ccbaa9aa7c0a5eb960df1c7527777e7cb8e2ec1716a9681837ba1820b6e

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
e32aae9887649cea788cb4f9c2b2c8a0

SHA1
c6e35bbf7f2fd08633079b77fcbe025bae71f5db

SHA256
70419eff31ba60277efef6d26a55eff78e9e1adb2224bd9999a54b5e3134177b

SHA512
e9136d25e5d5c6d6f0bcc760361d3ebacfad77ec2abcb2c2e1b3c3344441611ead8ff215a87943c370ec874f94d295b889eac5e9d3444fbae2d3862e53505885

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
678ba0076dc8f13658200d472dd09694

SHA1
6ea71b3aac4701b835b3abc99ca4f6de08b40162

SHA256
40d92c4bc81f25cb4d5b3a634d7cb1b7cbc44b1ca29cbf35ee2e5bc5697acdbe

SHA512
5d163289c256d7c835c0f2e1c313a66fb939834c6f31b4d4f5d16df8309df9783d8e0afe301b022ce7dd7698a39879169b0798b03a0815a7eff666abb8189410

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
82e2bbcd553c806fda00a85b0324bb8b

SHA1
4113a0675398b84badf95b9dbce2f4288d2a1260

SHA256
60c20e45820c2e3b51c58874ad89471b90bed100901e39a5806958c8f9fa941d

SHA512
6ac96b499f5948750b70c494d502b981f4ce591378f46007336246a9dffde943bfdc2db0242888cfa0360242c342123072341d161fd3d76cbf939b64c3480c8a

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
032bf8a8809601079482c5ab92630fcb

SHA1
e4a1b47a2a1e5a1fca8bc16529f5fb7438069e55

SHA256
13692cee45b123d0626c59199d15e507d38f8afedb78e4b368849f131f650219

SHA512
9fa3d73e0206e548733e4a76e08cb74012cbabf1afe730a253beb3bb25fce2002e97828b7ab2629f5c0f7ffed4498505e60b82e689ef320e1da9d96046d95444

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads