Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
21-04-2024 15:39
General
-
Target
ff9c2ce33fce1585aa1ff20145555761_JaffaCakes118.exe
-
Size
227KB
-
MD5
ff9c2ce33fce1585aa1ff20145555761
-
SHA1
0a69962fd393fb450a81b557af000bcc9d8b1e25
-
SHA256
8c9f417cc07060056a707d847258a7a6a98e0ef6a16cb1243222c235d79c86bf
-
SHA512
7572f57ee2ed16996df52c8c70d7e01cfdac1cca15e86334a7f78d370fc6fb5ac3efca4e082e82a5073fcbd4acf116d0e619a3a3d090129e5eeee328ddd0338a
-
SSDEEP
6144:qoEdkmu85Dq+3qM3W7tfQN5/inEaMadDKNa1aILk71:gkmDN6M3atfQunka1KNaTgJ
Malware Config
Signatures
-
Detect Lumma Stealer payload V4 15 IoCs
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Modifies security service 2 TTPs 20 IoCs
-
Executes dropped EXE 10 IoCs
-
Loads dropped DLL 20 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 11 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 32 IoCs
-
Runs .reg file with regedit 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ff9c2ce33fce1585aa1ff20145555761_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ff9c2ce33fce1585aa1ff20145555761_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c c:\acx.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg3⤵
- Modifies security service
- Runs .reg file with regedit
-
-
-
C:\Windows\SysWOW64\cPaner.comC:\Windows\system32\cPaner.com 488 "C:\Users\Admin\AppData\Local\Temp\ff9c2ce33fce1585aa1ff20145555761_JaffaCakes118.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cPaner.comC:\Windows\system32\cPaner.com 548 "C:\Windows\SysWOW64\cPaner.com"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c c:\acx.bat4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg5⤵
- Modifies security service
- Runs .reg file with regedit
-
-
-
C:\Windows\SysWOW64\cPaner.comC:\Windows\system32\cPaner.com 560 "C:\Windows\SysWOW64\cPaner.com"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c c:\acx.bat5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg6⤵
- Modifies security service
- Runs .reg file with regedit
-
-
-
C:\Windows\SysWOW64\cPaner.comC:\Windows\system32\cPaner.com 564 "C:\Windows\SysWOW64\cPaner.com"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c c:\acx.bat6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg7⤵
- Modifies security service
- Runs .reg file with regedit
-
-
-
C:\Windows\SysWOW64\cPaner.comC:\Windows\system32\cPaner.com 568 "C:\Windows\SysWOW64\cPaner.com"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c c:\acx.bat7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg8⤵
- Modifies security service
- Runs .reg file with regedit
-
-
-
C:\Windows\SysWOW64\cPaner.comC:\Windows\system32\cPaner.com 576 "C:\Windows\SysWOW64\cPaner.com"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.execmd /c c:\acx.bat8⤵
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg9⤵
- Modifies security service
- Runs .reg file with regedit
-
-
-
C:\Windows\SysWOW64\cPaner.comC:\Windows\system32\cPaner.com 572 "C:\Windows\SysWOW64\cPaner.com"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.execmd /c c:\acx.bat9⤵
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg10⤵
- Modifies security service
- Runs .reg file with regedit
-
-
-
C:\Windows\SysWOW64\cPaner.comC:\Windows\system32\cPaner.com 580 "C:\Windows\SysWOW64\cPaner.com"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.execmd /c c:\acx.bat10⤵
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg11⤵
- Modifies security service
- Runs .reg file with regedit
-
-
-
C:\Windows\SysWOW64\cPaner.comC:\Windows\system32\cPaner.com 584 "C:\Windows\SysWOW64\cPaner.com"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.execmd /c c:\acx.bat11⤵
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg12⤵
- Modifies security service
- Runs .reg file with regedit
-
-
-
C:\Windows\SysWOW64\cPaner.comC:\Windows\system32\cPaner.com 588 "C:\Windows\SysWOW64\cPaner.com"11⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.execmd /c c:\acx.bat12⤵
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg13⤵
- Modifies security service
- Runs .reg file with regedit
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476B
MD5a5d4cddfecf34e5391a7a3df62312327
SHA104a3c708bab0c15b6746cf9dbf41a71c917a98b9
SHA2568961a4310b2413753851ba8afe2feb4c522c20e856c6a98537d8ab440f48853a
SHA51248024549d0fcb88e3bd46f7fb42715181142cae764a3daeb64cad07f10cf3bf14153731aeafba9a191557e29ddf1c5b62a460588823df215e2246eddaeff6643
-
Filesize
3KB
MD59e5db93bd3302c217b15561d8f1e299d
SHA195a5579b336d16213909beda75589fd0a2091f30
SHA256f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e
SHA512b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a
-
Filesize
5KB
MD50019a0451cc6b9659762c3e274bc04fb
SHA15259e256cc0908f2846e532161b989f1295f479b
SHA256ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876
SHA512314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904
-
Filesize
227KB
MD5ff9c2ce33fce1585aa1ff20145555761
SHA10a69962fd393fb450a81b557af000bcc9d8b1e25
SHA2568c9f417cc07060056a707d847258a7a6a98e0ef6a16cb1243222c235d79c86bf
SHA5127572f57ee2ed16996df52c8c70d7e01cfdac1cca15e86334a7f78d370fc6fb5ac3efca4e082e82a5073fcbd4acf116d0e619a3a3d090129e5eeee328ddd0338a
-
Filesize
552KB
-
Filesize
552KB
-
Filesize
552KB
-
Filesize
552KB
-
Filesize
552KB
-
Filesize
552KB
-
Filesize
552KB
-
Filesize
552KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
16KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
552KB
-
Filesize
272KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
552KB
-
Filesize
4KB
-
Filesize
552KB
-
Filesize
552KB
-
Filesize
552KB
-
Filesize
552KB
-
Filesize
552KB
-
Filesize
552KB