98c453758e53d712129dea842bc523275ca60a1b4a5479090cd4fee4b94f0434

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-04-2024 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5d90d7d8c283366bc910eb39b09d3ba_JaffaCakes118.exe
Size

180KB
MD5

f5d90d7d8c283366bc910eb39b09d3ba
SHA1

c6057d6eec868c00a640b22e1fdfbcc91fb6e279
SHA256

98c453758e53d712129dea842bc523275ca60a1b4a5479090cd4fee4b94f0434
SHA512

0c62d859806f65a87893a663dd3c8b876802f6ad9dbe7922e03fb724cd26e1cb5e058fc6d17b83abb78629cd91bf273b714b24a9ab24566bafc8dd14d90bc47a
SSDEEP

3072:aXBFZ7IMTV3yT0PQa0Qy2l0TqAWowF3vySeuE0chP0CJL1xgO:oFxyovUC0TqAUoSLQ8CJBx

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2840-0-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-2-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-3-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-4-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-5-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-6-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-7-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-8-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-9-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-10-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-11-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-12-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-13-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-14-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-15-0x0000000000400000-0x000000000047D000-memory.dmp	upx
behavioral1/memory/2840-16-0x0000000000400000-0x000000000047D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Norton Protect Activies = "C:\\Windows\\system32\\D5133\\csrss.exe"	f5d90d7d8c283366bc910eb39b09d3ba_JaffaCakes118.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\d5133\words.vxd	f5d90d7d8c283366bc910eb39b09d3ba_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f5d90d7d8c283366bc910eb39b09d3ba_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f5d90d7d8c283366bc910eb39b09d3ba_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2840-0-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2840-2-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-3-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-4-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-5-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-6-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-7-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-8-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-9-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-10-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-11-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-12-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-13-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-14-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-15-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2840-16-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads