Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/04/2024, 13:28

General

  • Target

    00ded89e01e5485b62fdcba45e18ffde_JaffaCakes118.jad

  • Size

    1.4MB

  • MD5

    00ded89e01e5485b62fdcba45e18ffde

  • SHA1

    3c1594b7a61b7e22c78deae1cd279f4464f7ba8e

  • SHA256

    337ad1cc414156eafefcd8c924c39ec06184acae87798ed0b11ce310022dfab9

  • SHA512

    78b9ec825a01c7f6feb22b85fc1adcf38d27a88919e2a75f145fa048330e85e8ec10afa31bf8463d3774147ac818d587b62e346cf4d2e3973d25c0aa5137115a

  • SSDEEP

    24576:K0p6PfcBN/Si6H3sy+RG+IH0+FYiCPGlFoL35TVYgNpl1ypqPPmu2zBi7dFgkwWN:5kncBtSjXuG+0eGry5xNlypqPcNiTdxN

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\00ded89e01e5485b62fdcba45e18ffde_JaffaCakes118.jad
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\00ded89e01e5485b62fdcba45e18ffde_JaffaCakes118.jad
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\00ded89e01e5485b62fdcba45e18ffde_JaffaCakes118.jad"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2900

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    7dbd0c0c7da8297ebe75978e5f360b9d

    SHA1

    e0bfc092cb2299bfa52ce102941e5dffa5482376

    SHA256

    51e71d05f8643c595ad3f91948bb3540f9e5aec44c6c719185c5780cee705fe4

    SHA512

    9e4ade1554d95cad01ef395f1d2e01544bcf84a1b43ccf9479f6d9186a9e8eaff077dd5791e0302ec73c8369b14526ea85d5d46b249c25a12d6bf6e77a4cea01