7d8f26dcaa7aaa7fb02680772ab17380e88aadb06dc3033bd06658856ef0272d

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb603a119a5714bf2fa79e64f67dceda_JaffaCakes118.exe
Size

332KB
MD5

fb603a119a5714bf2fa79e64f67dceda
SHA1

2b7372dccc857bb55d571f2dd95c54fa7e8e1e66
SHA256

7d8f26dcaa7aaa7fb02680772ab17380e88aadb06dc3033bd06658856ef0272d
SHA512

3712b43a2f90188fb75a6893125b9f9ea4ed3ff969c787353c6c73086cf45eb02dde6d3914436ab0b521cfdfa5efe8d9ba0bfc462d307eefd5688692f7623439
SSDEEP

6144:/itlyU+eCLtUT2HdPe/5xag5BaNvSGh1L7oTVyGqol:4P0e2cBxa6aNaGT7oTVx

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
3416	pyhdnkm.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\pyhdnkm.exe	fb603a119a5714bf2fa79e64f67dceda_JaffaCakes118.exe
File created	C:\PROGRA~3\Mozilla\udqhztf.dll	pyhdnkm.exe

C:\Users\Admin\AppData\Local\Temp\fb603a119a5714bf2fa79e64f67dceda_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb603a119a5714bf2fa79e64f67dceda_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:3036

C:\PROGRA~3\Mozilla\pyhdnkm.exe
C:\PROGRA~3\Mozilla\pyhdnkm.exe -iiopsym
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\pyhdnkm.exe

Filesize
332KB

MD5
6c873a3ea77689d34ae84cb058cedf50

SHA1
7344167cdda55b46c436c5273f33e372a2152b83

SHA256
bdd037b74627df08d8bd537441bb2e88a0d8f4c78a8e26eec16e8a9a82b6cc47

SHA512
485a0fba0c02959c0003590d9d937c1a10ed8858367b0f1cff8ab2b920e44ef1f0a2fd49a28a64ec2cd2c2c1863cab5e3c24e03b2912c3d377251ba3b6fdd545

Download Submit
memory/3036-0-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/3036-1-0x00000000020A0000-0x00000000020FC000-memory.dmp

Filesize
368KB

Download
memory/3036-2-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3036-5-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3036-7-0x00000000020A0000-0x00000000020FC000-memory.dmp

Filesize
368KB

Download
memory/3416-9-0x0000000000DA0000-0x0000000000DFC000-memory.dmp

Filesize
368KB

Download
memory/3416-10-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3416-12-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download