a69bebef3cf47d86c8d9167eafc273a22c3582a1bbff820850397b11b1be7da5

Analysis

max time kernel
142s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 15:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3092adea64e860265755900b8dad0242_JaffaCakes118.exe
Size

162KB
MD5

3092adea64e860265755900b8dad0242
SHA1

48a00d7aefcfb709ec1aec6392e165fd896b9c50
SHA256

a69bebef3cf47d86c8d9167eafc273a22c3582a1bbff820850397b11b1be7da5
SHA512

8419907d5405e847ccdd6bb9831f98c6777723956c1ba4e168c8f801933c95f4159eb7a7091a27f8c6983698c4d0b3f87af8b9a8077c3d114d2e496b61e37c09
SSDEEP

3072:i22ihA0m3BJf0vleUpsugJqlhKU53jlN9twYsO3EaU+UQTHZLF:dA0m3T0vNAwbLRHCK31yg1

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2712	biclient.exe

Loads dropped DLL 1 IoCs

pid	Process
2756	3092adea64e860265755900b8dad0242_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3092adea64e860265755900b8dad0242_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	biclient.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	biclient.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2712	biclient.exe
2712	biclient.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2712	2756	3092adea64e860265755900b8dad0242_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2712	2756	3092adea64e860265755900b8dad0242_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2712	2756	3092adea64e860265755900b8dad0242_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2712	2756	3092adea64e860265755900b8dad0242_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2712	2756	3092adea64e860265755900b8dad0242_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2712	2756	3092adea64e860265755900b8dad0242_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2712	2756	3092adea64e860265755900b8dad0242_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\3092adea64e860265755900b8dad0242_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3092adea64e860265755900b8dad0242_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Users\Admin\AppData\Local\Temp\biclient.exe
  "C:\Users\Admin\AppData\Local\Temp\biclient.exe" /url bi.bisrv.com /affid "awjp7zip59394" /id "7zip" /name "7-Zip" /uniqid 3092adea64e860265755900b8dad0242_JaffaCakes118 /browser ch
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fbd2495548d215419ce796a3e20023e

SHA1
53854bd0dc8f497530f3ed5e7aff32185eb9f837

SHA256
b6fe9491497c04d71cbfde32e221a7999d81d1c5d2285cebbdc1086d2bdf6ce7

SHA512
6f4806cc77da8b8fad6e0e6b803c40481587b5fe41791c8564927810f4e3d4c61968a0a435bbf413c2d966173d2f59e6b2529db63f3f86ddbfece8a1017346e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6aa3d7b93c256494e2a3e33a2d7856b

SHA1
6989d828085630401ae2f978b263039bbfcc1017

SHA256
199d7c2d3508c08ca149b4c3f6203a5c67eacd1f922772099e119f2b597ef2d0

SHA512
4d7558a61c8c84a30a739b7f8ed30cee2e88fa96c18999779c9cf92ae8258019a0363df2eca0dd6ecabd0ff139fc44d9e0e67fcb518bb32f90b32edffb337e38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
133456e8e0f515e6724e0fd3403f2238

SHA1
0b831936546aea516a2a8b4c2d33781921c4e9c7

SHA256
f6995238a75b8337b64ab4bf416dc72f42cb7bdd54a7c6c6ad066ec3781037c0

SHA512
aff700206cf4e84a501cdbf706ee26c01b83dcbe13e68d050fe3f0336efa153375ff94527bba703c1ce9504f1390cb06211d33677d487aeaf2f24e017ca5c70b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa68d38c4f74fa9ee8157fc2ee666324

SHA1
e872af11617a4aa134aa129ca1463c7749f7f812

SHA256
552b42e3e1510dc7148cb68952847420839f5ae56b170ecc98d3cfdc4bdc793f

SHA512
f6a9ba020255a69424958ffa9b63781c71a89128bdcc527862b2cd31c4147196762f9ced3322a0fe0262c14d3331879b3c251de63f13a44f16652258f3b501c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7497e324209e35eb3fad5b34b785f41

SHA1
269b317d251bcdb0cc11e6afed393c409fd33138

SHA256
b728a5a90e5d69d1e6c7575329a5a53a77d6def45e6de08489ac74db28477201

SHA512
e96036a7b1abcccff6cdbd6f5e44d7a6af4f4ad2828d1360ec09575a950d5b2a1b9734f004b72eaff6161e0f049727af10831c05f552dd97e53444edd98f2aa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c51edf0ddd4c53cc9a5cd75c28df76e1

SHA1
62b46faa85600950fff49ebfdd729b680bf1347f

SHA256
a840ec6918b5ed377fedc6cab7c13083df7688649bbcf5cb768b59964721bc78

SHA512
ba5b5990bbd4b0ac57e4851589afc6f5b3243a1f7d0723d2d1a15ac6209b2b33386c97c8ad4f3b661b27f3ff0c8b14081d5a9e62a4b0daef1ca1fcf66697dbf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd2adfdfe6aa9f558166afbc5170585e

SHA1
f8d5f2b837a70cc20eadb1d6f09b808059b43442

SHA256
2c233a5307934f909346ccbc107f54853378580016833e6735ed661f62e03ac0

SHA512
11621c3df99a1969c88ae946ba14a3f85505ff7ecd95f4bf6f87361e037beb5452f6b04f89f3d803997941efb03e79c32147faddfa07fdf31529558c6c7f82ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0377be58be7d90307ddfed94be4cb793

SHA1
02bd56f6badce8363f367be071af448107c82832

SHA256
8ae008a5f14ed4f994f1b97468ac209fe6874874c60379181b852821f951f38b

SHA512
c589b147dc21997ba1d99e9dfbb39ec440b7e1899552e728429faf8f3a52e397be1f87a784943c0d2ff5e8568833ab666ef0833b581e4fdb624adc80633d8d33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5004e2eb5a3b94708fa323040a3309e0

SHA1
03782d96299f939f7aa2c507b562613d28e520a3

SHA256
c358314043734613877f3c698dd958655eac8cd451505282f782c6867452e253

SHA512
df613d3ebbf7dca52a95d81620ab3f9afbaaf86d707ffb811d22cbd8c39472b59aeb069424f7b2b7798089ef925bcc4840392272a5c35dd185b9e9e1ff48da36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4961.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar49A3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\biclient.exe

Filesize
223KB

MD5
ac8f7611f353ca9803fad5ff81900678

SHA1
de33325e686c82c12db1f95f39e94ac746f5b5b5

SHA256
ef72a8db980a2c299006b1c32b6ab0a74fd00dfc131c6ae7f13b392adf4159cc

SHA512
75d7d0a106f8cc02cac734e34a4cccd97d814214c397e2c05eb00b95b4ef87d2ce60e368b8d418a9c5b330b239547d1d9555538b6a2c705040a746bdcb320571

Download Submit
C:\Users\Admin\AppData\Local\Temp\config.ini

Filesize
79B

MD5
3d64b3e3f0d664ea8d414ed28785c091

SHA1
9b4a191ce0b49011a1919b1b9a0dd640fbe48aa6

SHA256
3664f97d176a69296593e39daeb6254434596924251c3ebaa72faa24e32e5b35

SHA512
028ad76d1dc5cd184dc8c627a0f067d3ef0b157c79085af3e280b9d99376b1114971011c5e3f40ce6689e7ab9fc35f1d9b795514e1ca4f2cc294f025b9d66174

Download Submit
memory/2712-14-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2712-473-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2756-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download