e61a7c609fb77e3001bdde0a14cc7db904c51456b646d6e662b02c474737edfb

General

Target

e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe
Size

784KB
MD5

e7e489a313cf6f85441e789af5bd6795
SHA1

1b6f26faaaa14bc26594d251655fdd159ab42b4c
SHA256

e61a7c609fb77e3001bdde0a14cc7db904c51456b646d6e662b02c474737edfb
SHA512

92797a05d0461395479b0437ae28dae55e067eeee64ec9db447cd4c052ee4ce9dc13101bad81fc4ba70708e18bf6ada8280d168330bfe0244b452078e2742d06
SSDEEP

24576:S5BoF1ppGWWLPVlIktvUFJt6BS42xDKpUBQ:6BoTTaql6wxDKpyQ

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.Net CLR\Parameters\ServiceDll = "C:\\Windows\\system32\\f761dbe.dll"	e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe

Loads dropped DLL 2 IoCs

pid	Process
2208	e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe
2612	svchost.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\f761dbe.dll	e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2208	e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe"
1⤵
- Sets DLL path for service in the registry
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2208

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k ".Net CLR"
1⤵
- Loads dropped DLL
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\f761dbe.dll

Filesize
513KB

MD5
4cec0f865ffc98161d1e01a14e286546

SHA1
dec6c9239c9a2d26956e822a4945660de3487220

SHA256
e46a8832958cfd75ed5199978cec334b4b61ea6320d9c4791d1649a54c18df06

SHA512
d84c7df3a2c5bf553fbeaeee52e60f4c1ac2807db75372ce9795ec8b466eca998831ce7b1806dfb210f89ed571e37b2d6aa731e8319ceefb7a8746c306db0473

Download Submit
memory/2208-17-0x00000000003B0000-0x00000000003EE000-memory.dmp

Filesize
248KB

Download
memory/2208-30-0x00000000005F0000-0x00000000005F2000-memory.dmp

Filesize
8KB

Download
memory/2208-3-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2208-6-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2208-5-0x0000000000310000-0x0000000000312000-memory.dmp

Filesize
8KB

Download
memory/2208-7-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2208-8-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2208-9-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2208-10-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2208-12-0x0000000000390000-0x0000000000393000-memory.dmp

Filesize
12KB

Download
memory/2208-13-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2208-2-0x0000000000240000-0x000000000027E000-memory.dmp

Filesize
248KB

Download
memory/2208-16-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/2208-4-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2208-18-0x00000000003B0000-0x00000000003EE000-memory.dmp

Filesize
248KB

Download
memory/2208-19-0x0000000000570000-0x0000000000572000-memory.dmp

Filesize
8KB

Download
memory/2208-22-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/2208-21-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2208-20-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/2208-23-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2208-24-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/2208-25-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/2208-27-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/2208-29-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/2208-31-0x00000000005D0000-0x00000000005D6000-memory.dmp

Filesize
24KB

Download
memory/2208-0-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2208-32-0x0000000000600000-0x0000000000602000-memory.dmp

Filesize
8KB

Download
memory/2612-35-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads