Analysis

  • max time kernel
    94s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/09/2024, 09:32

General

  • Target

    e22db59e72bdbb53cdcff5ef7a4b23ff_JaffaCakes118.exe

  • Size

    228KB

  • MD5

    e22db59e72bdbb53cdcff5ef7a4b23ff

  • SHA1

    e1fecf9f8e9c5b96b36c3017b06469da0dc283f6

  • SHA256

    13c0507b58fe2048b52f5161351ff9af22580f5c11e7105af52082b328a43597

  • SHA512

    6d5a03700ae8c80642f97253073d0af8d6b87f1e65a67ebafc45013ba90e352482185474d25ceb818ded294d4cb531d2742c380afda852802980df3985bd1db3

  • SSDEEP

    3072:QpKDbhozl9HXpKl7XIF3Uak/gkgZAszPw:8sho/54X69nHE

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e22db59e72bdbb53cdcff5ef7a4b23ff_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e22db59e72bdbb53cdcff5ef7a4b23ff_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4392
    • C:\Users\Admin\AppData\Local\Temp\e22db59e72bdbb53cdcff5ef7a4b23ff_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\e22db59e72bdbb53cdcff5ef7a4b23ff_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1356
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4596
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2364
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:17410 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SetWindowsHookEx
            PID:4480

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

          Filesize

          471B

          MD5

          b846b882719e09ee4996593fe9ce2fdb

          SHA1

          68f64b77cab775e1b90b563325c0bf42c60e30bf

          SHA256

          bec22a671cf77d0beb4395abc6ceb14a9c02822997bce4b9f4b79ef54effaeb7

          SHA512

          b1eec5f0ad9ff3142ef1c66ce9f615d9a5ff3dfef05693fe860defebd231b706a7c4fc05f591760762b600b1a386ac6474713c94f37e57667a20873267f20190

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

          Filesize

          404B

          MD5

          d0ce7b631afa1b9a876278d467300f34

          SHA1

          3d0949d8f2c240c2a0d48b6e800fee5c89434485

          SHA256

          71073da32ee626f5898a4a212fbd53433cc080c99be03a4509a8fac1570ef071

          SHA512

          f9ec55afd6204b6b957be90a4189f96c753194228019a368b4f1dc77b3f4f3dbcaa86e44fcaf5281f802db12cf3718c0d861da94077b33185ffc72a588cf8a20

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BRZNMQLE\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        • memory/1356-2-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB

        • memory/1356-4-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB

        • memory/1356-5-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB

        • memory/1356-6-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB

        • memory/1356-7-0x00000000021E0000-0x000000000222E000-memory.dmp

          Filesize

          312KB

        • memory/1356-8-0x00000000021E0000-0x000000000222E000-memory.dmp

          Filesize

          312KB

        • memory/1356-9-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB
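        Read together, the process tree above (PID 4392 spawning a second copy of its own image as PID 1356, with SetThreadContext and WriteProcessMemory hits on the parent) and the memory dumps for PID 1356 are what a practitioner would check when deciding whether this is process hollowing. The script below is an added example, not part of this report or the sandbox's own tooling: the tree, signature hits and dump names are transcribed from the report, while the heuristic (same-image child plus WriteProcessMemory and SetThreadContext in the parent) and the 0x400000 image-base assumption are my own.

```python
"""Flag a process-hollowing pattern in a sandbox process tree and size the dumps.

Added example for this report; not the sandbox's code. TREE and DUMPS are
transcribed from the report above; the heuristic is an assumption about what
the combination of signatures usually means.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

SELF = r"C:\Users\Admin\AppData\Local\Temp\e22db59e72bdbb53cdcff5ef7a4b23ff_JaffaCakes118.exe"


@dataclass
class Proc:
    pid: int
    image: str
    parent: Optional[int]
    sigs: set = field(default_factory=set)


# Process tree transcribed from the report (pid, image, parent pid, signature hits).
TREE = [
    Proc(4392, SELF, None,
         {"SetThreadContext", "SystemLanguageDiscovery", "SetWindowsHookEx", "WriteProcessMemory"}),
    Proc(1356, SELF, 4392,
         {"SystemLanguageDiscovery", "EnumeratesProcesses", "AdjustPrivilegeToken", "WriteProcessMemory"}),
    Proc(4596, r"C:\Program Files (x86)\Internet Explorer\iexplore.exe", 1356,
         {"SystemLanguageDiscovery", "WriteProcessMemory"}),
    Proc(2364, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE", 4596,
         {"ModifiesIESettings", "FindShellTrayWindow", "SetWindowsHookEx", "WriteProcessMemory"}),
    Proc(4480, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE", 2364,
         {"SystemLanguageDiscovery", "ModifiesIESettings", "AdjustPrivilegeToken", "SetWindowsHookEx"}),
]

# Dump names transcribed from the report: memory/<pid>-<seq>-<start>-<end>-memory.dmp
DUMPS = [
    "memory/1356-2-0x0000000000400000-0x000000000044E000-memory.dmp",
    "memory/1356-4-0x0000000000400000-0x000000000044E000-memory.dmp",
    "memory/1356-5-0x0000000000400000-0x000000000044E000-memory.dmp",
    "memory/1356-6-0x0000000000400000-0x000000000044E000-memory.dmp",
    "memory/1356-7-0x00000000021E0000-0x000000000222E000-memory.dmp",
    "memory/1356-8-0x00000000021E0000-0x000000000222E000-memory.dmp",
    "memory/1356-9-0x0000000000400000-0x000000000044E000-memory.dmp",
]

DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def hollowing_candidates(tree):
    """Return (parent_pid, child_pid) pairs where a process spawned a copy of its
    own image and itself hit both WriteProcessMemory and SetThreadContext.
    That pairing is the classic hollowing / RunPE sequence: create the child
    suspended, overwrite its image, point the thread at the new entry, resume."""
    by_pid = {p.pid: p for p in tree}
    hits = []
    for child in tree:
        parent = by_pid.get(child.parent)
        if parent is None:
            continue
        same_image = parent.image.lower() == child.image.lower()
        if same_image and {"WriteProcessMemory", "SetThreadContext"} <= parent.sigs:
            hits.append((parent.pid, child.pid))
    return hits


def parse_dump(name):
    """Split a dump file name into pid, sequence number and address range."""
    m = DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    return {"pid": int(m[1]), "seq": int(m[2]), "start": int(m[3], 16), "end": int(m[4], 16)}


def dump_regions(dumps):
    """Group dumps by (pid, start, end) and record the region size in KiB
    plus the sequence numbers at which the sandbox captured it."""
    regions = {}
    for d in map(parse_dump, dumps):
        key = (d["pid"], d["start"], d["end"])
        regions.setdefault(key, {"size_kib": (d["end"] - d["start"]) // 1024, "seqs": []})
        regions[key]["seqs"].append(d["seq"])
    return regions


def image_base_dumps(regions, base=0x400000):
    """Regions that start at the linker's default 32-bit PE image base.
    Assumption: the sandbox does not state the sample's ImageBase, so
    0x400000 is taken as the default rather than read from the header."""
    return [k for k in regions if k[1] == base]


if __name__ == "__main__":
    print("hollowing candidates:", hollowing_candidates(TREE))
    for (pid, start, end), info in dump_regions(DUMPS).items():
        print(f"pid {pid} {start:#x}-{end:#x} {info['size_kib']} KiB seqs={info['seqs']}")
    print("image-base regions:", image_base_dumps(dump_regions(DUMPS)))
```

Two points worth noting when reading the output against the report. First, the only pair the heuristic flags is 4392 → 1356; the IE parent/child pair 2364 → 4480 also shows WriteProcessMemory on the parent, but that is Internet Explorer's frame process starting a content process (the `SCODEF:2364 CREDAT:17410` command line is IE's own), and 2364 never calls SetThreadContext, so it is not flagged. Second, every dump of PID 1356 covers 0x4E000 bytes (312 KiB) whereas the file on disk is 228 KB; a region at the image base that is larger than the dropped file is consistent with a decompressed or unpacked image having been written into the child, which is where an analyst would start carving for the real payload.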