83cd1187f073de8901e292717784d507c85e601347486cdcdf17c142fb6c1c1c

Analysis

max time kernel
96s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
Size

315KB
MD5

0f453e832c109df6d26eec4434aafbca
SHA1

dfb5f7822306b549bb2396f85b781894a816733d
SHA256

83cd1187f073de8901e292717784d507c85e601347486cdcdf17c142fb6c1c1c
SHA512

70fb757cc4bc408f739a82bfcf81d80a97f2f5ca13d7ad8eb0cc49310d7c8ca4332fbdb7fda9db6b73bdc8bee5702f7d8739a7c705e11c60c320af5fd119b36f
SSDEEP

6144:orpbUzkuvcBYC47l2xyfalkLUsx4Y0k8ojcX/pJ2enmrIJzO1LBut0njxxuQ9U+:orakuveY3hfaaLUsx4JkxjYJ2emrCz25

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2728	0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
2728	0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
2728	0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2728	0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
2728	0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0f453e832c109df6d26eec4434aafbca_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TsuBE18FD43.dll

Filesize
269KB

MD5
af7ce801c8471c5cd19b366333c153c4

SHA1
4267749d020a362edbd25434ad65f98b073581f1

SHA256
cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

SHA512
88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C82B7CD4-F4DA-4689-A462-BCF813C85E22}\Custom.dll

Filesize
91KB

MD5
a6312af27b3d15b556341f63bce617ed

SHA1
27d5724ba3c3d14065184558a434a0e78e742edb

SHA256
432adc14aeb197e7bc24a77d29a18e82b7c02047efb3a354e0c2ce95719a8cae

SHA512
c08ec354dcd7e3455ad419d13d4cd3e748f8579b089baa9e0c0347ccd58bc80333d066fe291e5a120b58fe3603a8a084771f6d80c73c433c9b0f00931e4f3f8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C82B7CD4-F4DA-4689-A462-BCF813C85E22}\_Setup.dll

Filesize
173KB

MD5
081c1ac0aaaaec8b4eb06c541a40592e

SHA1
bedb928c8c3a44942405de146c7b6bd63a438c65

SHA256
7db7c245ad224e7018f5478b3f7c4695144fe65319973c8c536840bba53e9ab8

SHA512
df96ea85e670ef0c58108d92683115480ef57174e341672edc26d111738560bbe17781a26fe62da2d9091fdfc6e1a70f1822b09f22be7893ebecd7d08dcc57b2

Download Submit