Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
30-04-2024 17:21
General
-
Target
0a31f5fc650f2b93a36a1c095714b78a_JaffaCakes118.exe
-
Size
1.1MB
-
MD5
0a31f5fc650f2b93a36a1c095714b78a
-
SHA1
71b3367011357f8f66c50cee1dc3e331e631933d
-
SHA256
796d20b44f82b2f28d9f1da9055e1ff84c2e8ac85447b9a53c3f6e8937a54897
-
SHA512
02742e500fe70ddd5bdff9e6a0ab1b50a679590eab168034a07aca92f58dd539f294561ee3f631716a64c2002ff90a78595fd678e0ec9c7fb307e9843d0a4d75
-
SSDEEP
24576:wQ1bLFCAXperrOUj6k7ZqC30n5HOUZxfHQAPGuIHpc:wQ1bLk7ZxMdRkp
Malware Config
Signatures
-
NirSoft MailPassView 4 IoCs
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView 3 IoCs
Password recovery tool for various web browsers
-
Nirsoft 7 IoCs
-
Drops startup file 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Uses the VBS compiler for execution 1 TTPs
-
Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 33 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a31f5fc650f2b93a36a1c095714b78a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0a31f5fc650f2b93a36a1c095714b78a_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LOICIIdVHRBHLgAYeZUAi.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LOICIIdVHRBHLgAYeZUAi.exe XDPQQHAWGNcYLJHXUWA2⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe- CmdLine Args3⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\Admin\AppData\Local\Temp\\Mail.txt"4⤵
- Accesses Microsoft Outlook accounts
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\Admin\AppData\Local\Temp\\Web.txt"4⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
474KB
MD5349c42d8308b6f5ca3cdf0fc43fd6c9c
SHA1829b046f2e2cb726d2382ccc40ec08b3b9662cd8
SHA2561ae7cc71c034ae9ee1ad343306305df4adff07ea5aa0e61e0b05d06712971a5e
SHA5125ee6576127884da6fdfca68bbf8f0ab5bdf9d892bbbcab3b9b61134c8ba33504b7e68a447f29fab3bf75d9371a47859e090dbb9081aefdc4cda794f1ecd7c29d
-
Filesize
38KB
MD51adc42dacd12c3ed14f5dfab6bd96aae
SHA1987b4c38d608b0a7f663556a791814e3ae5e6f4d
SHA256192bcaed67e7817bb3f201afc150ba7b58ad8d1860e2d89c0aca5d9976368fe9
SHA5120afef56895e79b1c210f2e3678e9b63697040ff9a15089efd1f28784a64d1bed771bc724ee9d828ba0601a2f99f346b2ee3714e00cfcaa87aa488842969bcb45
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
732KB
MD571d8f6d5dc35517275bc38ebcc815f9f
SHA1cae4e8c730de5a01d30aabeb3e5cb2136090ed8d
SHA256fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b
SHA5124826f45000ea50d9044e3ef11e83426281fbd5f3f5a25f9786c2e487b4cf26b04f6f900ca6e70440644c9d75f700a4c908ab6f398f59c65ee1bff85dfef4ce59
-
Filesize
4KB
-
Filesize
496KB
-
Filesize
496KB
-
Filesize
496KB
-
Filesize
496KB
-
Filesize
5.7MB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
5.7MB
-
Filesize
4KB
-
Filesize
108KB
-
Filesize
4KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
1.5MB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
360KB