73e707a4ed7154d04a2e8bdf9b3dfa0a18e2341daa0c9cd23e555307af86a197

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8d428b591ffb44c444f7ccf860b12bb_JaffaCakes118.exe
Size

63KB
MD5

f8d428b591ffb44c444f7ccf860b12bb
SHA1

5682cb5cb0501bda4a321c18668e3ff0a9f420c9
SHA256

73e707a4ed7154d04a2e8bdf9b3dfa0a18e2341daa0c9cd23e555307af86a197
SHA512

91f5ec0c8f4fab75e65e28e41b311f49750f8ddb6e14b66cc88c3c934eacfc696a3aa29edb86dcbd18b890c53675d80d3247791e5bb435144a5e0b6e7e25ed68
SSDEEP

768:HFUvnDko7xcehdTvBuZl1zQy1UibNYiqBsaAWFJNAI42EwMMdcxXnai5hz1svtb:CYmhVvBAFQ5iC/BxvFJz+9Tpsvtb

Score

8^/10

persistence

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\bhcuwm.sys	f8d428b591ffb44c444f7ccf860b12bb_JaffaCakes118.exe

Sets DLL path for service in the registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\dejaje\Parameters\ServiceDll = "%SystemRoot%\\System32\\bhcuwm.dll"	f8d428b591ffb44c444f7ccf860b12bb_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\dejaje\Parameters\ServiceDll = "%SystemRoot%\\System32\\bhcuwm.dll"	f8d428b591ffb44c444f7ccf860b12bb_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\dejaje\Parameters\ServiceDll = "%SystemRoot%\\System32\\bhcuwm.dll"	f8d428b591ffb44c444f7ccf860b12bb_JaffaCakes118.exe

Deletes itself 1 IoCs

pid	Process
2360	svchost.exe

Loads dropped DLL 2 IoCs

pid	Process
2456	f8d428b591ffb44c444f7ccf860b12bb_JaffaCakes118.exe
2360	svchost.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\0004a7f9.ini	f8d428b591ffb44c444f7ccf860b12bb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bhcuwm.dll	f8d428b591ffb44c444f7ccf860b12bb_JaffaCakes118.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2360	svchost.exe
2360	svchost.exe
2360	svchost.exe

C:\Users\Admin\AppData\Local\Temp\f8d428b591ffb44c444f7ccf860b12bb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f8d428b591ffb44c444f7ccf860b12bb_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Sets DLL path for service in the registry
- Loads dropped DLL
- Drops file in System32 directory
PID:2456

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k dejaje
1⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\bhcuwm.dll

Filesize
93KB

MD5
f43349210493012ad40965ed127ff672

SHA1
2bdbdbcfbc5c440d374fed937954ab2670621b90

SHA256
f385bf2e7a07fc97dd31fcf7cf19338753955b5d0316b50aac2c4dd094308c89

SHA512
562fb960a74c65612a7c434defaa68db1b6e3dece92c3132dd93be2d5ccd44fff40eba4c20cd22738fa71a24d2e25df661c49e7405914bd688ee1127077fbe62

Download Submit
C:\Windows\Temp\4248.exe

Filesize
139B

MD5
7a35675ab358ef6b72242a3f5e66a146

SHA1
bde4e04b29af1998350a65c6db65e660aad33f93

SHA256
02203c61ceb97eb89649eb06d14cb68e7d405a0c2b282b57ea46c5a102013b7d

SHA512
6d5d70fe6078be9109c99a3863e8a7a715dc9c87695cc42a7d7f15555ac4e01c325296be9f69b45289fd8b300e5e95e113bbd82e9cb34eabe47125db73deb4c5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads