Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/04/2024, 10:17

General

  • Target

    ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe

  • Size

    131KB

  • MD5

    ead712f470789677a12c04fc277c0bd4

  • SHA1

    9b97a706e702ba45a93e2053d82b066835f53852

  • SHA256

    ab9201659c8899a715605242a1b9a34be398b6c331b89d67cf3645df13199dd4

  • SHA512

    96312976338f917bea9bc24efbd183e0c25654fd2e5285bec418a7413c7456939841a603fe44065578717a7a7c134f2064be72a9703805adabc6ed4eb81b44b1

  • SSDEEP

    3072:iNEeUBe0fMZNydHLTGvtHYkdrp3DyZBKsbC:iNEeUBe8qNIGJVsBK6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ead712f470789677a12c04fc277c0bd4_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3036
    • C:\Windows\Sxegia.exe
      C:\Windows\Sxegia.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:2824

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Twain001.Mtx

          Filesize

          2B

          MD5

          309fc7d3bc53bb63ac42e359260ac740

          SHA1

          2064f80f811db79a33c4e51c10221454e30c74ae

          SHA256

          ac11339ffa8f270c4f781e0a3922bb1c80d9dee6e4b6911ca34538ed9ae03caa

          SHA512

          77dd27d30f4e13a0bcd6fd27ae7567c136d87393e5ee632bccf05b0a0d2bbcc2fc0fd777a8508e26cc4fc579c8da0ab56b7bf179b1adc70f28f7d0eee89fa5f8

        • C:\Windows\Sxegia.exe

          Filesize

          131KB

          MD5

          ead712f470789677a12c04fc277c0bd4

          SHA1

          9b97a706e702ba45a93e2053d82b066835f53852

          SHA256

          ab9201659c8899a715605242a1b9a34be398b6c331b89d67cf3645df13199dd4

          SHA512

          96312976338f917bea9bc24efbd183e0c25654fd2e5285bec418a7413c7456939841a603fe44065578717a7a7c134f2064be72a9703805adabc6ed4eb81b44b1

        • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

          Filesize

          372B

          MD5

          acf1690f0bcb49d2aaea137726db4e6f

          SHA1

          07b5b5c91ba3c8718fd68a0d8c4263b89d787704

          SHA256

          69e29e424901bb6959185f4016e1dbc7c14090ca4bed9f639b54e95bbcd0a102

          SHA512

          354b52f66f2d1d297bd4aaf1b410aa8090e47b8ca2e6cd154179bda9815af19633bbcf6f6c214f2b6a7e60f34f2d31f5bc5023a61f8d848d2b7d57aa38625ab5

        • memory/2824-48845-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

        • memory/2824-48843-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

        • memory/2824-48853-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

        • memory/2824-48852-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

        • memory/2824-24634-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

        • memory/2824-48848-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

        • memory/2824-44745-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

        • memory/2824-13-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

        • memory/2824-48844-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

        • memory/2824-48846-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

        • memory/3036-1-0x00000000001E0000-0x00000000001F2000-memory.dmp

          Filesize

          72KB

        • memory/3036-30808-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

        • memory/3036-14165-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

        • memory/3036-2-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB