Analysis
- max time kernel: 150s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 15-04-2024 13:23
Static task: static1
Behavioral tasks:
- behavioral1: f1278c614f4bcb17088e0194a3e15108_JaffaCakes118.exe (resource: win7-20240221-en)
- behavioral2: f1278c614f4bcb17088e0194a3e15108_JaffaCakes118.exe (resource: win10v2004-20240412-en)
- behavioral3: $PLUGINSDIR/InstallOptions.dll (resource: win7-20240220-en)
- behavioral4: $PLUGINSDIR/InstallOptions.dll (resource: win10v2004-20240226-en)
- behavioral5: WindowController_setup_06.exe (resource: win7-20240221-en)
- behavioral6: WindowController_setup_06.exe (resource: win10v2004-20240412-en)
General
- Target: WindowController_setup_06.exe
- Size: 1.4MB
- MD5: 5f47cf5504f99f7a6a20ea11e393ed75
- SHA1: 081ba58a5a211efa949b6536b477b9f211f1a0ea
- SHA256: a3164eb1974835b112230abb7460da2b4c328dfed3c85283c792911e86f90f5b
- SHA512: 4c8e48d14124fdcbb5a4624c77557c94b3bd756fbb2bf98d37b5a4355b3fd902e0fb335d5fb8b4a939e5df04e9c52e426225426c80af07f2876a23dd3a93a5f2
- SSDEEP: 24576:+fOy4I4oZ+OTFmmYf52bLIPCUtSyxVqVuR5LnMlyFarOHd4uyIg2df5HejNPvNa2:+GThaFw52P4kMouR1nyyFaaCuyIg2dfE
Malware Config
Signatures
- Executes dropped EXE (1 IoC): PID 1980, is-95202.tmp
- Loads dropped DLL (3 IoCs): PID 2212 WindowController_setup_06.exe; PID 1980 is-95202.tmp; PID 1980 is-95202.tmp
- Enumerates physical storage devices (1 TTP): attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: GetForegroundWindowSpam (1 IoC): PID 1980, is-95202.tmp
- Suspicious use of WriteProcessMemory (11 IoCs):
  - PID 2212 (WindowController_setup_06.exe) wrote to memory of PID 1980, procid_target 28 (7 entries)
  - PID 1980 (is-95202.tmp) wrote to memory of PID 2148, procid_target 29 (4 entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\WindowController_setup_06.exe (PID 2212)
   Command line: "C:\Users\Admin\AppData\Local\Temp\WindowController_setup_06.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\is-ISALC.tmp\is-95202.tmp (PID 1980)
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-ISALC.tmp\is-95202.tmp" /SL4 $F0150 "C:\Users\Admin\AppData\Local\Temp\WindowController_setup_06.exe" 1217223 52224
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\cmd.exe (PID 2148)
         Command line: "C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\del_bat.cmd""
Network
MITRE ATT&CK Enterprise v15
Downloads
- file 1: 226B
- file 2: 22KB
- file 3: 656KB