Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/04/2024, 20:12

General

  • Target

    03887e478c292d08479b127241de0aa3_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    03887e478c292d08479b127241de0aa3

  • SHA1

    a10cc2ab476c332ca38d149566a31bba8c467182

  • SHA256

    1ac47456ec852d3a7170ee19ec23eb6b056ea4b153dd9dca456219ee28baaaaf

  • SHA512

    f70dc12bfb4c0ec536af81d55033501d37049e820017c587c07965aa6b0a0ff8d31968c373f60b62f75488cf13c5d1fc99eefe552c542b0322e19c7e43ec3280

  • SSDEEP

    24576:b1b9LJ4vKNI4/WXbOXyRetx4Mm8JjuXODIfSG1ZNJWs+K:bjLIbKPx4qJkODIfSG1/JWk

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03887e478c292d08479b127241de0aa3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\03887e478c292d08479b127241de0aa3_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    PID:2356

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Windows\SysWOW64\DC++ Share\RCX2732.tmp

          Filesize

          62KB

          MD5

          b126345317624479f78fbf30b3a1fe5a

          SHA1

          655c966bf7bbf96ee49c83062d30b9dba17d693c

          SHA256

          8723d2d97d52f6d3b63968594c93bf2c5b5300b306c9670be4616cb134964301

          SHA512

          d0be6d608b5f4e482287d16e6587e00be1b4390f78efc3ce63008f99be7358e65f0eef9eba330d845462b64fa7a86cc3f1395b863ad0f8d01c0b790fc2f4c02d

        • C:\Windows\SysWOW64\xdccPrograms\7zG.exe

          Filesize

          1.1MB

          MD5

          456d11dd8b59859790a6fdfa148c77cc

          SHA1

          a7b00d874d8a630f519a4a722c95ff2e4aed7e4c

          SHA256

          054e48677b66c34be470d192f07020aef0cc685cbbe10dbd97a77872b55fd571

          SHA512

          533e66221c8cb297ee39fb5342213d4e46dde9ad95e3686233c42c11717c2a24c9ff84e8feb5a271bce9caee9f71dc41e2843fd5347ea55aa537aa7bbae6aec2

        • memory/2356-119-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-120-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-115-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-116-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-117-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-118-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-113-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-114-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-121-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-122-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-123-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-124-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-125-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/2356-126-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB