Analysis
- max time kernel: 150s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 10/04/2024, 10:17
Static task
- static1

Behavioral task
- behavioral1
  Sample: ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe
  Resource: win7-20240221-en

Behavioral task
- behavioral2
  Sample: ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe
  Resource: win10v2004-20231215-en
General
- Target: ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe
- Size: 131KB
- MD5: ead712f470789677a12c04fc277c0bd4
- SHA1: 9b97a706e702ba45a93e2053d82b066835f53852
- SHA256: ab9201659c8899a715605242a1b9a34be398b6c331b89d67cf3645df13199dd4
- SHA512: 96312976338f917bea9bc24efbd183e0c25654fd2e5285bec418a7413c7456939841a603fe44065578717a7a7c134f2064be72a9703805adabc6ed4eb81b44b1
- SSDEEP: 3072:iNEeUBe0fMZNydHLTGvtHYkdrp3DyZBKsbC:iNEeUBe8qNIGJVsBK6
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  2824 | Sxegia.exe
- Adds Run key to start application (2 TTPs, 1 IoC)
  description | ioc | Process
  Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Windows\CurrentVersion\Run\DFGQBFFUUO = "C:\\Windows\\Sxegia.exe" | Sxegia.exe
- Drops file in Windows directory (4 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\Sxegia.exe | ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe
  File created | C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job | ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe
  File opened for modification | C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job | ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe
  File created | C:\Windows\Sxegia.exe | ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe
- Modifies Internet Explorer settings (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main | Sxegia.exe
  Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\International | Sxegia.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid | Process
  2824 | Sxegia.exe (the same entry is reported 64 times)
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 3036 wrote to memory of 2824 | 3036 | ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe | 28 (the same entry is reported 4 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe"
  PID: 3036
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Windows\Sxegia.exe
    Command line: C:\Windows\Sxegia.exe
    PID: 2824
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2B
  MD5: 309fc7d3bc53bb63ac42e359260ac740
  SHA1: 2064f80f811db79a33c4e51c10221454e30c74ae
  SHA256: ac11339ffa8f270c4f781e0a3922bb1c80d9dee6e4b6911ca34538ed9ae03caa
  SHA512: 77dd27d30f4e13a0bcd6fd27ae7567c136d87393e5ee632bccf05b0a0d2bbcc2fc0fd777a8508e26cc4fc579c8da0ab56b7bf179b1adc70f28f7d0eee89fa5f8
- Filesize: 131KB (hashes match the submitted sample)
  MD5: ead712f470789677a12c04fc277c0bd4
  SHA1: 9b97a706e702ba45a93e2053d82b066835f53852
  SHA256: ab9201659c8899a715605242a1b9a34be398b6c331b89d67cf3645df13199dd4
  SHA512: 96312976338f917bea9bc24efbd183e0c25654fd2e5285bec418a7413c7456939841a603fe44065578717a7a7c134f2064be72a9703805adabc6ed4eb81b44b1
- Filesize: 372B
  MD5: acf1690f0bcb49d2aaea137726db4e6f
  SHA1: 07b5b5c91ba3c8718fd68a0d8c4263b89d787704
  SHA256: 69e29e424901bb6959185f4016e1dbc7c14090ca4bed9f639b54e95bbcd0a102
  SHA512: 354b52f66f2d1d297bd4aaf1b410aa8090e47b8ca2e6cd154179bda9815af19633bbcf6f6c214f2b6a7e60f34f2d31f5bc5023a61f8d848d2b7d57aa38625ab5