Analysis
-
max time kernel
142s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
09/10/2024, 03:55
General
-
Target
2a65061fa559d41238775ac3189e271e_JaffaCakes118.exe
-
Size
429KB
-
MD5
2a65061fa559d41238775ac3189e271e
-
SHA1
e0d9738db0f9acb1f5e1dd33a8ba37bd054bc890
-
SHA256
0db637d3ba640cd0659b4c03b6e516b6644d0c352ae7e7fa331d318308306ae0
-
SHA512
21f81538b7aabebfdd27e7d0342eb5398e33e263ea8ca5e2024aecd743a31939e02d601861fa3425fce045df11d2b9b360f1949c32b20adb0f2bef5dd7ba5696
-
SSDEEP
12288:eUQ6fxZ5iqxSTuKJ+Ayjr1rqtZ/lffliurT5M42:FfxPTlHAEpqb/Lius
Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
-
ASPack v2.12-2.42 1 IoCs
Detects executables packed with ASPack v2.12-2.42
-
Loads dropped DLL 6 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object 2 TTPs 2 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2a65061fa559d41238775ac3189e271e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2a65061fa559d41238775ac3189e271e_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\{aaef255f-83b1-ec14-6a65-7502e9df7357}.dll" DllStart2⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Internet Explorer\ielowutil.exe"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding1⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3428 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
14KB
MD52bb3a180348b2b3d155cd12b9eda0712
SHA11f3e94f5457502ce59aee891275288f88739f367
SHA256944bc80b57670eb187bdd59250f77af6ab657a2cb6ede3621139d8c04d57eec3
SHA512d555b890910a8a729e37cd69fb612d5d7efe76f2821995b3c7b532d663d5993688692d8d5be6f97f683daaaf02683a134c69f9ae6710a7e005dc7cd47cce0c55
-
Filesize
10KB
MD50bbcbaee7b703ebd55cd8658a0e8dcd3
SHA16ed448b8b67cea36eb45bfbc67fed9a6da9623e4
SHA256e67277ecc4f6c7beb3c7e586ce508677269db056c7541eacfecf6c719f559da6
SHA512604c524bd00313f6411cc9878d5c9a1db77588049feeb5bb02c971df44f8becbd18d251cc20e551b878173eb2a78be61f31352769597c6334cffc0bc2326b008
-
Filesize
362KB
MD52a86bcc1ed9158ed416ec68f5abb882c
SHA165a8c481467305940291a31ec5b7148e330411ef
SHA25626182251f50751f38c5059580268ec556ebc5482c258d514230ee09ed2f9651c
SHA512e1d4e9b5f9ac7e6402f2dc921a9a2792e7b549354c93c9fb48c093971059353c25bf59a14a7f4a7659f58e6c2530b85d776fc5f9e1edad0d1e1ec70a4c42df6b
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
52KB
-
Filesize
360KB
-
Filesize
456KB