b3bc981dcdf908a7fb5395bebb4aef757f7d706ed654f7d6cefd26fdad22bae8

Analysis

max time kernel
142s
max time network
144s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 00:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ff98c6e451385580e520adc4fc5b6748_JaffaCakes118.exe
Size

154KB
MD5

ff98c6e451385580e520adc4fc5b6748
SHA1

5ce6917f2b1bb573b520bc0be3b760d416e4afd9
SHA256

b3bc981dcdf908a7fb5395bebb4aef757f7d706ed654f7d6cefd26fdad22bae8
SHA512

6712d1870fc227d44f0f67d85767c050c8302b335eb1ac83927a2be5a50026467b1dbada1b199e83a7b4d794ba44e3f60262fe70105130216055f9cf2b558c79
SSDEEP

3072:622ihA0m3BJP0AcrwLi5j2B9D+lnUfy4yEOhJElROslNmLRY:VA0m3D0Aq8i1nUfy4O/ZYNp

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1440	BetterInstaller.exe

Loads dropped DLL 1 IoCs

pid	Process
2300	ff98c6e451385580e520adc4fc5b6748_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ff98c6e451385580e520adc4fc5b6748_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterInstaller.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	BetterInstaller.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1440	BetterInstaller.exe
1440	BetterInstaller.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 1440	2300	ff98c6e451385580e520adc4fc5b6748_JaffaCakes118.exe	29
PID 2300 wrote to memory of 1440	2300	ff98c6e451385580e520adc4fc5b6748_JaffaCakes118.exe	29
PID 2300 wrote to memory of 1440	2300	ff98c6e451385580e520adc4fc5b6748_JaffaCakes118.exe	29
PID 2300 wrote to memory of 1440	2300	ff98c6e451385580e520adc4fc5b6748_JaffaCakes118.exe	29
PID 2300 wrote to memory of 1440	2300	ff98c6e451385580e520adc4fc5b6748_JaffaCakes118.exe	29
PID 2300 wrote to memory of 1440	2300	ff98c6e451385580e520adc4fc5b6748_JaffaCakes118.exe	29
PID 2300 wrote to memory of 1440	2300	ff98c6e451385580e520adc4fc5b6748_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\ff98c6e451385580e520adc4fc5b6748_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ff98c6e451385580e520adc4fc5b6748_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Users\Admin\AppData\Local\Temp\BetterInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\BetterInstaller.exe" /affid "cdkeygenerator" /id "cdkeygeneratorkbvr" /name "CD Key Generator"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39ddc9feb2a252f78f49e9bb33e29f62

SHA1
196db7498bed41f5e348617c5e18f70e1920519f

SHA256
6a4571db7d3bd37a25f7b3a9cd9aa2bcc6d3bf3b5364183c6aefcc3b6f7cc825

SHA512
4f0d26643d078b4d4ebfc1d395f0d2f9d6ea7e6ba4330af3fab6a8a59933c541dc3d4ed6dfc48aee21cd4d5295453848cd647b3d3b7d0e510b7ec8a30e7f3ec4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a0427f45c972dcdd1257072d97bea85

SHA1
2f583a198dc19490b6a8b30a9382aa9cc1ed9cab

SHA256
30b203ffb182ff69e78044164f77309af6f7100dc924d850b5eea6b8b7bf3a89

SHA512
b3d2cc36b1ce3efe7fe7671db6f6622b6e480990c571bab6767dc587661ac2811d0011fba3d6f14fc225d56dea245dadfea24d01b8151d117f12ad3c434aa7f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50fff63cf337b5efea4cf39bdc8d7a26

SHA1
c567c1b67f255420e8f203a4a72f1a238694197c

SHA256
7968cde7ecb3173e7d79b34d90a056cfc06c1d480d713e32f6c0c4ab5cc990e8

SHA512
00fdc7eb5a32077509206dd57d2d2a4a5f0586a7bac9a2342a512e264b0a8ebbea3a2cfe01361fd0e645c6dbc0840a52bcb2e6cb5ac3d97403a59bfdf666e503

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9b35237e2d58c7796ebeffbc0c01d96

SHA1
1b39dbf56bcd68a1eead157b90a1a82378944340

SHA256
86195d7e7c77a3661c1d5656b20f3efeb67919e7eee6bc53be5b5c1a44d3f27d

SHA512
0cef9cc645dafa7e4b3f82ab5c78562199fcf633644a38f95be99d1d09e39c76b3fd3058511ae3cb3c4cc24cad8553636cc5cc90a8755099c23aec9e8027d1fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37cdbc4cb1bbaeb06737786055bd6fc4

SHA1
ac04cdb576debf51830a380124b2e78bf6829276

SHA256
509568493859e30e212bc1a8967b9734fea064ba6b41ee4559c3a202b548ccf0

SHA512
bec556f16d019aa2f01fb3692b90f82bdd846a1f6edaf77ddd2eb94de74c68d39eaea1ac35b1fa72a2a793576a8525f2ff6a4182f3268bf6e38a43a47ccaa750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8c28e9fcaeb8921eb7722d86c3c26f3

SHA1
dca2547ac0908564a5aa31a383934998c03f82b2

SHA256
4b5e893fdfe957af23be473756cb802301f5cc483f7cf3da6442c316a9b6e152

SHA512
f88bcd2b37cc64588480e37782b0e80f9c4ce1275228be809225fa2937610bda879a474e9e0c803d8725b213e6fbaeac75add36f92406f275881c658f0f9e7f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ebf040775dc8e0624c8f8184108a4b2

SHA1
05eeb1c10803477f0f894b3ba2895f57f421bd4c

SHA256
ae8af3b7865c04fec61ce1f414d380644f194ab2e30f45b725007528076939f9

SHA512
04111eee97f13ef03969924c1c4641394c261f3afe9cd48a31855b602f36f6118ed36056cca39ff2398cc782a3dd381e6ce5ad0dfa023df735c2449f4977ac89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d407873dabd61586a69fdf3c6763fe0f

SHA1
e60c7c904d9fa46aebfe39f289c25f72ce1c19f3

SHA256
c3846f636eac520cb01aefe3746004a08493031241957ef6713c5515374ca3ec

SHA512
06ceed661f251cd5684e56fd55d10dfbaac0629dd5963191c291baee2d1430b42af94ccc0c47e30aaade0949b2164ac8af10c30261a48b2322f416fe33791ea6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
265ebfac0c148e129e5dee70c36d3604

SHA1
acba5048a0c19b6a32746224c8ae6a268327ba99

SHA256
a6a0c9cc33738a95487028ed23bcb052e9ab9e55e2de13da71d5074ea45a5943

SHA512
db720d26efa46326068e41924f0c32c99b19842c2b7ba96d0b3c193936f6ee3eb80fb657950e11ca5892516a5b26f590c6a7ebd6f8d80539cd9263fa1dc17bfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabADFD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAE8C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\config.ini

Filesize
105B

MD5
dd79322827175514ca3cb4e69b5b8d83

SHA1
2d97a209e7c99e5d298a8e078285ee7c260479fb

SHA256
634555f35671784d052af1b9a28ce8a929ef13c63a9278fcbd6d06ccfcd06800

SHA512
81802e2703d2c663e521a3babb7206c99b2ea94017fb1f20d0e4f128d06f144948be19d29e4b1fe97c88a4662589164a02ef44847707e42808523353f6f7090c

Download Submit
\Users\Admin\AppData\Local\Temp\BetterInstaller.exe

Filesize
207KB

MD5
d79b88bab3231ebebd3c6505ab68ce56

SHA1
3222e8dab740ba1d640cc66a9cd36070969deb80

SHA256
d4032354c8ca3b93fd18414d6a7935bcecb18f25534b2259eeaf7d3081ec13ec

SHA512
b8afbd52e74d8611714a33bd80a907be8080195bd574ceb0aa8ce44520c9cf6c40ccce4a4db9be0808b8b5a6b7b0fee17ee42f9cca67d69152dd1f1d8ddd99a9

Download Submit
memory/1440-16-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1440-475-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2300-15-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download