Analysis

  • max time kernel
    151s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-04-2024 12:09

General

  • Target

    d35381609a7837b54625620b260ceba0_JaffaCakes118.exe

  • Size

    580KB

  • MD5

    d35381609a7837b54625620b260ceba0

  • SHA1

    e2a849cd29fe4584fe183ec4a3d231b96c11510f

  • SHA256

    e451310ccd2dc212d3c4233ef75c6bd4a6b238e6ef44119ae4769cac2a2e5f54

  • SHA512

    a12e110cba61403f88f16ce101297d221f29050c5b7111245c73ed6dbd797493d3f96ed18a175106a1f49d57bd628b2e69695c637e624319a848dc513fd3092e

  • SSDEEP

    12288:Q4gzhRXZrOMlRYpl3U077HwPoTxqLWPiXjJ/whUFT:ehRXZr1ypl3p77QwTUki9/who

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 15 IoCs
  • Obfuscated with Agile.Net obfuscator 6 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Suspicious use of SetThreadContext 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 31 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d35381609a7837b54625620b260ceba0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d35381609a7837b54625620b260ceba0_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\steamerrorreporter.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\steamerrorreporter.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\steamerrorreporter.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\steamerrorreporter.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2396
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:2196
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:268
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:472
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:1616
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:1600
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:2068
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:1404
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:2244
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:396
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:984
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:1072
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:1628
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        • Loads dropped DLL
        PID:2228
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        PID:2576
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
        3⤵
        PID:3000

Network

MITRE ATT&CK Enterprise v15

Downloads

      • \Users\Admin\AppData\Local\Temp\ee50048c-b6eb-4ad3-b983-551cd617a0fd\AgileDotNetRT.dll

        Filesize

        136KB

        MD5

        9af5eb006bb0bab7f226272d82c896c7

        SHA1

        c2a5bb42a5f08f4dc821be374b700652262308f0

        SHA256

        77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

        SHA512

        7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

      • \Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\steamerrorreporter.exe

        Filesize

        580KB

        MD5

        d35381609a7837b54625620b260ceba0

        SHA1

        e2a849cd29fe4584fe183ec4a3d231b96c11510f

        SHA256

        e451310ccd2dc212d3c4233ef75c6bd4a6b238e6ef44119ae4769cac2a2e5f54

        SHA512

        a12e110cba61403f88f16ce101297d221f29050c5b7111245c73ed6dbd797493d3f96ed18a175106a1f49d57bd628b2e69695c637e624319a848dc513fd3092e

      • memory/268-55-0x0000000071B00000-0x0000000071B37000-memory.dmp

        Filesize

        220KB

      • memory/268-60-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/268-59-0x0000000071B00000-0x0000000071B37000-memory.dmp

        Filesize

        220KB

      • memory/268-52-0x0000000074E40000-0x0000000074E9B000-memory.dmp

        Filesize

        364KB

      • memory/268-51-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/396-113-0x0000000074E40000-0x0000000074E9B000-memory.dmp

        Filesize

        364KB

      • memory/396-112-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/396-114-0x00000000718E0000-0x0000000071917000-memory.dmp

        Filesize

        220KB

      • memory/396-130-0x00000000718E0000-0x0000000071917000-memory.dmp

        Filesize

        220KB

      • memory/396-131-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/472-57-0x0000000071B00000-0x0000000071B37000-memory.dmp

        Filesize

        220KB

      • memory/472-54-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/472-56-0x0000000071B00000-0x0000000071B37000-memory.dmp

        Filesize

        220KB

      • memory/472-53-0x0000000074E40000-0x0000000074E9B000-memory.dmp

        Filesize

        364KB

      • memory/472-58-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/984-146-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/984-149-0x0000000071B00000-0x0000000071B37000-memory.dmp

        Filesize

        220KB

      • memory/984-152-0x0000000071B00000-0x0000000071B37000-memory.dmp

        Filesize

        220KB

      • memory/984-153-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/1072-148-0x0000000071B00000-0x0000000071B37000-memory.dmp

        Filesize

        220KB

      • memory/1072-150-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/1072-147-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/1072-151-0x0000000071B00000-0x0000000071B37000-memory.dmp

        Filesize

        220KB

      • memory/1404-96-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/1404-101-0x0000000071B00000-0x0000000071B37000-memory.dmp

        Filesize

        220KB

      • memory/1404-98-0x0000000074E40000-0x0000000074E9B000-memory.dmp

        Filesize

        364KB

      • memory/1404-100-0x0000000071B00000-0x0000000071B37000-memory.dmp

        Filesize

        220KB

      • memory/1404-102-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/1600-78-0x00000000718E0000-0x0000000071917000-memory.dmp

        Filesize

        220KB

      • memory/1600-80-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/1600-79-0x00000000718E0000-0x0000000071917000-memory.dmp

        Filesize

        220KB

      • memory/1600-75-0x0000000074E40000-0x0000000074E9B000-memory.dmp

        Filesize

        364KB

      • memory/1600-76-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/1616-72-0x0000000074E40000-0x0000000074E9B000-memory.dmp

        Filesize

        364KB

      • memory/1616-77-0x00000000718E0000-0x0000000071917000-memory.dmp

        Filesize

        220KB

      • memory/1616-73-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/1616-82-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/1616-81-0x00000000718E0000-0x0000000071917000-memory.dmp

        Filesize

        220KB

      • memory/1628-177-0x00000000718E0000-0x0000000071917000-memory.dmp

        Filesize

        220KB

      • memory/1628-179-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/1628-178-0x00000000718E0000-0x0000000071917000-memory.dmp

        Filesize

        220KB

      • memory/1628-176-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/1628-174-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2068-94-0x0000000074E40000-0x0000000074E9B000-memory.dmp

        Filesize

        364KB

      • memory/2068-95-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2068-99-0x0000000071B00000-0x0000000071B37000-memory.dmp

        Filesize

        220KB

      • memory/2068-104-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2068-103-0x0000000071B00000-0x0000000071B37000-memory.dmp

        Filesize

        220KB

      • memory/2196-36-0x00000000718B0000-0x00000000718E7000-memory.dmp

        Filesize

        220KB

      • memory/2196-34-0x00000000718B0000-0x00000000718E7000-memory.dmp

        Filesize

        220KB

      • memory/2196-35-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2196-33-0x0000000074E40000-0x0000000074E9B000-memory.dmp

        Filesize

        364KB

      • memory/2196-21-0x0000000000400000-0x000000000046E000-memory.dmp

        Filesize

        440KB

      • memory/2196-23-0x0000000000400000-0x000000000046E000-memory.dmp

        Filesize

        440KB

      • memory/2196-25-0x0000000000400000-0x000000000046E000-memory.dmp

        Filesize

        440KB

      • memory/2196-26-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2228-180-0x00000000718E0000-0x0000000071917000-memory.dmp

        Filesize

        220KB

      • memory/2228-163-0x00000000718E0000-0x0000000071917000-memory.dmp

        Filesize

        220KB

      • memory/2228-162-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2244-126-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2244-120-0x00000000000A0000-0x000000000010E000-memory.dmp

        Filesize

        440KB

      • memory/2244-128-0x00000000718E0000-0x0000000071917000-memory.dmp

        Filesize

        220KB

      • memory/2244-127-0x00000000718E0000-0x0000000071917000-memory.dmp

        Filesize

        220KB

      • memory/2244-125-0x0000000074E40000-0x0000000074E9B000-memory.dmp

        Filesize

        364KB

      • memory/2244-129-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2244-123-0x00000000000A0000-0x000000000010E000-memory.dmp

        Filesize

        440KB

      • memory/2244-116-0x00000000000A0000-0x000000000010E000-memory.dmp

        Filesize

        440KB

      • memory/2396-37-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2396-18-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2396-17-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2396-19-0x0000000002010000-0x0000000002050000-memory.dmp

        Filesize

        256KB

      • memory/2444-15-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2444-3-0x0000000000480000-0x00000000004C0000-memory.dmp

        Filesize

        256KB

      • memory/2444-2-0x0000000000480000-0x00000000004C0000-memory.dmp

        Filesize

        256KB

      • memory/2444-1-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2444-0-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2780-20-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2780-12-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB

      • memory/2780-11-0x0000000074780000-0x0000000074D2B000-memory.dmp

        Filesize

        5.7MB