ad10606f3fb69f8908b950eb0b85100d73f3e9336a0c5cbdb64665551ceceaa9

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edf693864be0bedab974fefb090d9a20_JaffaCakes118.exe
Size

696KB
MD5

edf693864be0bedab974fefb090d9a20
SHA1

a6ca9c6b91439c243c08d8f8e1acf35f5640a88a
SHA256

ad10606f3fb69f8908b950eb0b85100d73f3e9336a0c5cbdb64665551ceceaa9
SHA512

ab12b72a9756a1c0d3c806b15e70518d9df421fa64df4d887e2f9bb088a7de289fa5290bf6d95333e9b89ec29982beba04cc7cbf3aa37135d1e60e90ee074cb0
SSDEEP

12288:Rol66wfKPfhcwU/jw1+0GX3z4dFeLiXS+rCsdq9+uJ7zk+nG8R5+YIHf8pw5a4EL:GlGyXCwE4+1XDDDvsdq3JhG8RobEpcaH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3708	regver.exe
4900	CheckVer104.exe

Loads dropped DLL 3 IoCs

pid	Process
2028	edf693864be0bedab974fefb090d9a20_JaffaCakes118.exe
2028	edf693864be0bedab974fefb090d9a20_JaffaCakes118.exe
2028	edf693864be0bedab974fefb090d9a20_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3708	regver.exe
4900	CheckVer104.exe
3708	regver.exe
4900	CheckVer104.exe
3708	regver.exe
3708	regver.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 3708	2028	edf693864be0bedab974fefb090d9a20_JaffaCakes118.exe	84
PID 2028 wrote to memory of 3708	2028	edf693864be0bedab974fefb090d9a20_JaffaCakes118.exe	84
PID 2028 wrote to memory of 3708	2028	edf693864be0bedab974fefb090d9a20_JaffaCakes118.exe	84
PID 2028 wrote to memory of 4900	2028	edf693864be0bedab974fefb090d9a20_JaffaCakes118.exe	85
PID 2028 wrote to memory of 4900	2028	edf693864be0bedab974fefb090d9a20_JaffaCakes118.exe	85
PID 2028 wrote to memory of 4900	2028	edf693864be0bedab974fefb090d9a20_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\edf693864be0bedab974fefb090d9a20_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\edf693864be0bedab974fefb090d9a20_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\TempImg\regver.exe
  C:\Users\Admin\AppData\Local\TempImg\regver.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3708
- C:\Users\Admin\AppData\Local\TempImg\CheckVer104.exe
  C:\Users\Admin\AppData\Local\TempImg\CheckVer104.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\TempImg\CheckVer104.exe

Filesize
332KB

MD5
fa199dffc4991a36725e1a2d272e787e

SHA1
68c1db76a8080782e3f450e3f724e4e1564b18f6

SHA256
13c8453cb118d3f9d2dc2a1189633ab10162f902758320487f03daf124c4bb9e

SHA512
8dc6a2369dc87148ac45cd6ae37f33fcb32c4fd863d17f6166a41c7a4ef40edd6a4da0f57536f382e550add791bf678a5116e0f1cb440649be1b924c3a31a520

Download Submit
C:\Users\Admin\AppData\Local\TempImg\regver.exe

Filesize
290KB

MD5
9181b183dd3096301e7211ed0312de8a

SHA1
0c321747b581ad79da70dc9aab183cc12c3bbefd

SHA256
202fcecc53f1ffd2d1d85cc4cc79a24ae37285ce564e15615b5d13ca69487968

SHA512
5316e0511746c75603ba02eaf79b9aafbb29356f94279f466d3f17e9894082f14cf052ca3b8f52a149815e8c9b58f5d4b02ef1dcc3d677dc27032480f788adf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse4547.tmp\ExecDos.dll

Filesize
5KB

MD5
a7cd6206240484c8436c66afb12bdfbf

SHA1
0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

SHA256
69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

SHA512
b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse4547.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit