Analysis
-
max time kernel
94s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02-10-2024 01:18
General
-
Target
0837f77cd9394e93a2ffe82ac227f1d2_JaffaCakes118.exe
-
Size
203KB
-
MD5
0837f77cd9394e93a2ffe82ac227f1d2
-
SHA1
d227cdbeb0ecec3ac0ccc65b7cac47c3402181f4
-
SHA256
daea50d36b20ac0e2d01aa71ff3e02b2fa1cd819d0a77d65e58ce7e3df902532
-
SHA512
492aef556cfc9b3a29017e7d51a71f03002f00b6407bc7c0d40aaac22f2c47dc18a7f00e36befa92bcd975c3b89504f6f809e0e11abd08ea3b94e73beae9cba7
-
SSDEEP
3072:TYg4pumJfWJhCS3QmkYs7TIoyIsMrFgwGeBywQAymFqx59ZxWzqRpNSEB981ppLb:TlLQmNoyveGePQpsiXZ2qRpNS0fXJdo
Malware Config
Signatures
-
Loads dropped DLL 6 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object 2 TTPs 4 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 62 IoCs
-
Modifies registry class 10 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 17 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0837f77cd9394e93a2ffe82ac227f1d2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0837f77cd9394e93a2ffe82ac227f1d2_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\onvemflvjskmkrjc.dll"2⤵
- Loads dropped DLL
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.welcometrack.biz/enter.html2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.welcometrack.biz/enter.html3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:17410 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:82946 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Program Files (x86)\Internet Explorer\ielowutil.exe"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding1⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1328 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
471B
MD53581a0e6b4a2481b0d17c98cea4c6ba1
SHA1f55e51abdb6324ae363802235297914a053947ec
SHA256a904ea3ed03f1568aaea366c859b6f0610d0e47ccd5725c20132d3c10e11188d
SHA512f9ea3d2712ca7ebb9c5826de7a89c59c7b2a50759baa83cf04fce4234d59e94d251560ab9e3bb845715ce54bc65187297eac9f73ad93adf034bca591cab3ab24
-
Filesize
404B
MD5ba38813e8e37d19a4baa1df70ca9a829
SHA13cf1ae8357f16b92e14414f5b21254d09126127a
SHA256eb7c576cef14a83bf13476becfe728d4e380467f4bcc8129759f18e39d19919b
SHA51236576b34f009fc24f708ce5ff510a09dc58b03a7f76e2521b6f5c673639177156134bfbc538d70320fe8087c440b211754e69c759d9571fa06f72bd0385449a4
-
Filesize
404B
MD594b7a381615994a9f10d72bdf5df564d
SHA10ff269124415e43f4bec541dca980d60ac0e0ea2
SHA256e19154a7c65ab203d81529ab9cb2b7ac5b6ad79ad21b788cb40d9c5b5069fdc2
SHA5129302d3f02795dd823054400eae3ac612f1f535bc99e1e8cb32631a97b7cda00cb9885af86c18df3858d7a7530863943ee2789321356befc3a95654d3b1a1191f
-
Filesize
5KB
MD582be6423e2e0d2d05e9188fcccc4264d
SHA1bb729aa4ca80d6ee37bd4fe5f93a6882ce62207c
SHA2569c3190fdbb2cc47156bce848cc109ecc71919bf361ad141e9bfc6907d3ad6b55
SHA512d7cedc1c3a6e2ef12db677bcbfa466cebfb1bfc15b6136e567cf2a13f2bf96be20ab1a063a6e83c5a83e4f1075633c702843b85cdb1122933c3306933790fb1e
-
Filesize
4KB
MD5c4ea8741bbd626d04f9a616bd372e881
SHA1174aeebd66e8c6b9e4ec58d8941146ed5afec450
SHA2562b00ea074cd9158d92500bf6333848604c719683db345178f7cdae480f242316
SHA512dbba388676092be9688f43f8e811641ec5e0de995f974340718bd0595a63441c87f293c6513bb978328fe123e36d38688295bda3632a2ecca5b516d5727920a8
-
Filesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
11KB
MD5c6f5b9596db45ce43f14b64e0fbcf552
SHA1665a2207a643726602dc3e845e39435868dddabc
SHA2564b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0
SHA5128faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a
-
Filesize
384KB
MD5b1ec8da5c45bcfb9f68854e3e83e1ecc
SHA1e076fa98e7e97522469080b4114575d0a1333cd7
SHA25645488d93188bb7d4b5f48d9a979dedb88a4bfe14e78cda86036fd3aac07f7cfb
SHA512e4f529d36490f224178ae22b8524557e3d842f824406531e6d11ade40c8b955fca7214d9d1ee165b365df8794bc7a5a074fca378129566ff741b02bed1e48d25
-
Filesize
408KB
-
Filesize
408KB