e61a7c609fb77e3001bdde0a14cc7db904c51456b646d6e662b02c474737edfb

General

Target

e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe
Size

784KB
MD5

e7e489a313cf6f85441e789af5bd6795
SHA1

1b6f26faaaa14bc26594d251655fdd159ab42b4c
SHA256

e61a7c609fb77e3001bdde0a14cc7db904c51456b646d6e662b02c474737edfb
SHA512

92797a05d0461395479b0437ae28dae55e067eeee64ec9db447cd4c052ee4ce9dc13101bad81fc4ba70708e18bf6ada8280d168330bfe0244b452078e2742d06
SSDEEP

24576:S5BoF1ppGWWLPVlIktvUFJt6BS42xDKpUBQ:6BoTTaql6wxDKpyQ

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\.Net CLR\Parameters\ServiceDll = "C:\\Windows\\system32\\e573642.dll"	e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe

Loads dropped DLL 2 IoCs

pid	Process
4476	e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe
4236	svchost.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\e573642.dll	e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	4476	e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e7e489a313cf6f85441e789af5bd6795_JaffaCakes118.exe"
1⤵
- Sets DLL path for service in the registry
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:4476

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k ".Net CLR"
1⤵
- Loads dropped DLL
PID:4236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe c:\windows\system32\e573642.dll, Launch
  2⤵
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\e573642.dll

Filesize
513KB

MD5
4cec0f865ffc98161d1e01a14e286546

SHA1
dec6c9239c9a2d26956e822a4945660de3487220

SHA256
e46a8832958cfd75ed5199978cec334b4b61ea6320d9c4791d1649a54c18df06

SHA512
d84c7df3a2c5bf553fbeaeee52e60f4c1ac2807db75372ce9795ec8b466eca998831ce7b1806dfb210f89ed571e37b2d6aa731e8319ceefb7a8746c306db0473

Download Submit
C:\Windows\SysWOW64\e573642.dll

Filesize
256KB

MD5
a3797f05474cf3c0d0f230d0fd166b1e

SHA1
bbd1a4a85f62c0a03fbdf2e0b408c168b2f2538a

SHA256
11edb5aa4d4011419c936e5edce8297c7fff3a303b42575e5520021630d74151

SHA512
ff111746470cce2ff1a436be584e38b786cd749b9fcfb1bce32832bda9c0086fe9d61f4551628f30d74d358c42f50384b757232bdaea002c3d741cffa28248e6

Download Submit
memory/4236-43-0x0000000002060000-0x000000000209E000-memory.dmp

Filesize
248KB

Download
memory/4236-40-0x0000000002430000-0x0000000002432000-memory.dmp

Filesize
8KB

Download
memory/4236-37-0x00000000020A0000-0x00000000020A2000-memory.dmp

Filesize
8KB

Download
memory/4236-39-0x0000000002400000-0x0000000002406000-memory.dmp

Filesize
24KB

Download
memory/4236-38-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download
memory/4236-36-0x0000000002060000-0x000000000209E000-memory.dmp

Filesize
248KB

Download
memory/4476-25-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/4476-23-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/4476-11-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/4476-5-0x0000000000830000-0x0000000000832000-memory.dmp

Filesize
8KB

Download
memory/4476-15-0x0000000002240000-0x0000000002243000-memory.dmp

Filesize
12KB

Download
memory/4476-16-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/4476-18-0x0000000002660000-0x000000000269E000-memory.dmp

Filesize
248KB

Download
memory/4476-17-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/4476-21-0x0000000002260000-0x0000000002262000-memory.dmp

Filesize
8KB

Download
memory/4476-22-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/4476-0-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/4476-26-0x0000000002660000-0x000000000269E000-memory.dmp

Filesize
248KB

Download
memory/4476-24-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/4476-9-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/4476-20-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/4476-19-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/4476-28-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/4476-30-0x0000000010000000-0x000000001019B000-memory.dmp

Filesize
1.6MB

Download
memory/4476-34-0x0000000002390000-0x0000000002396000-memory.dmp

Filesize
24KB

Download
memory/4476-33-0x0000000002400000-0x0000000002402000-memory.dmp

Filesize
8KB

Download
memory/4476-7-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/4476-35-0x0000000002620000-0x0000000002622000-memory.dmp

Filesize
8KB

Download
memory/4476-8-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/4476-6-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/4476-4-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/4476-3-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/4476-2-0x00000000007E0000-0x000000000081E000-memory.dmp

Filesize
248KB

Download
memory/4476-1-0x00000000007E0000-0x000000000081E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads