672083ab81b115705354d6264336bd0b879848087933cd603231c7850671c2e7

Analysis

max time kernel
149s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-01-2025 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
Size

37KB
MD5

0bdf47eab689f6d7cf23f64fb06fac64
SHA1

b0b9dee4bb1ef616e376c1d3a8ffc8fc9b250514
SHA256

672083ab81b115705354d6264336bd0b879848087933cd603231c7850671c2e7
SHA512

c5def6629156c01ec4aa2c886d5720aec40c68c3d5e063659146f44229830d2cff7ae9230f8ae3f850085b8846e524fa4b84054036914721f1e5c37d48fe33b0
SSDEEP

768:Us4cQbCXSh9RgjkEprmk358B+LqESKs8udqd9zYcCeK:3RQbqqdqCoR2KJud8HK

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2544	JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2544	JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
2544	JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0bdf47eab689f6d7cf23f64fb06fac64.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXRG2YQS\api[1].js

Filesize
870B

MD5
959fca740c230726e5a7cdf2b7603468

SHA1
1fa3eb9690cb728a4ba96846bd8eac87fa914073

SHA256
1a7a8da967879cf8c53e114c331242c5d44c39d4b4778a0824bc2f363504c3a5

SHA512
c493d157fdb40ca20752cd7419c3bf837c12831ef05d0d3e41844e17fc99096d1a7429adaa58ade3eb99aa5e5ce4ad91af8ef7c25f36c7e69f341ad0f2e88e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0WBLVJY\recaptcha__en[1].js

Filesize
547KB

MD5
19ddac3be88eda2c8263c5d52fa7f6bd

SHA1
c81720778f57c56244c72ce6ef402bb4de5f9619

SHA256
b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6

SHA512
393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c

Download Submit
memory/2544-6-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

Filesize
9.6MB

Download
memory/2544-3-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

Filesize
9.6MB

Download
memory/2544-4-0x000007FEF5E6E000-0x000007FEF5E6F000-memory.dmp

Filesize
4KB

Download
memory/2544-5-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

Filesize
9.6MB

Download
memory/2544-0-0x000007FEF5E6E000-0x000007FEF5E6F000-memory.dmp

Filesize
4KB

Download
memory/2544-7-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

Filesize
9.6MB

Download
memory/2544-8-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

Filesize
9.6MB

Download
memory/2544-9-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

Filesize
9.6MB

Download
memory/2544-10-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

Filesize
9.6MB

Download
memory/2544-44-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

Filesize
9.6MB

Download
memory/2544-47-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

Filesize
9.6MB

Download
memory/2544-2-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

Filesize
9.6MB

Download
memory/2544-1-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

Filesize
9.6MB

Download