Overview

overview

7

Static

static

3

10f3c42347...18.exe

windows7-x64

7

10f3c42347...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/05/2024, 16:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    10f3c423473b9194eb939f0a85cb289e_JaffaCakes118.exe

  • Size

    7.7MB

  • MD5

    10f3c423473b9194eb939f0a85cb289e

  • SHA1

    c8bcc5ed1abb931477eff60ec9108dadfed41524

  • SHA256

    228e62d0e6c1bbcdee50360e9eb294fa9c1638ac6d008df08e64a7d9869f3467

  • SHA512

    e5ea45a7eb141b05b2383aa22c6012d285f405c3308d6e9cb962e5379fc31593f67863e7fb8bc08d4834a3c875f726a151bfc898557112ae2ae62d05e769ea34

  • SSDEEP

    98304:yJDYOXwnS4rVflAIDQcvwIDQnJDYOXwnS4rVflAIDQcvwIDQnm:rIslAuQtuQKIslAuQtuQ

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Adds Run key to start application 2 TTPs 7 IoCs
    persistence
  • Drops file in Program Files directory 64 IoCs
  • NTFS ADS 7 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10f3c423473b9194eb939f0a85cb289e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\10f3c423473b9194eb939f0a85cb289e_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • NTFS ADS
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Users\Admin\AppData\Local\Temp\673.#.exe
      C:\Users\Admin\AppData\Local\Temp\673.#.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Program Files directory
      • NTFS ADS
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2236
      • C:\Users\Admin\AppData\Local\Temp\6.#.exe
        C:\Users\Admin\AppData\Local\Temp\6.#.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Drops file in Program Files directory
        • NTFS ADS
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4324
        • C:\Users\Admin\AppData\Local\Temp\757.#.exe
          C:\Users\Admin\AppData\Local\Temp\757.#.exe
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Program Files directory
          • NTFS ADS
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4644
          • C:\Users\Admin\AppData\Local\Temp\16.#.exe
            C:\Users\Admin\AppData\Local\Temp\16.#.exe
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • Drops file in Program Files directory
            • NTFS ADS
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:4420
            • C:\Users\Admin\AppData\Local\Temp\307.#.exe
              C:\Users\Admin\AppData\Local\Temp\307.#.exe
              6⤵
              • Executes dropped EXE
              • Adds Run key to start application
              • Drops file in Program Files directory
              • NTFS ADS
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:4908
              • C:\Users\Admin\AppData\Local\Temp\997.#.exe
                C:\Users\Admin\AppData\Local\Temp\997.#.exe
                7⤵
                • Executes dropped EXE
                • Adds Run key to start application
                • NTFS ADS
                • Suspicious use of SetWindowsHookEx
                PID:4976

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Java\jdk-1.8\bin\orbd.exe$
          Filesize

          7.7MB

          MD5

          240dfb5623192c64aeacab4e0a273de1

          SHA1

          eb330fe6ad833dd4bfedb2d308a15e80b912be0f

          SHA256

          39ce74f5a654ef84906a319a91614a8ab76f93353c931c220ee39d0a79b1b522

          SHA512

          7f25b081ba1b139c2353bb4a88839a007ba99e0ec796134611e07c6494a9c64f48e7764c5f8b98dae4a0f9e4c3edfef720cb04b93a2e51b48835415a6162c434

          Download Submit

        • C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe$
          Filesize

          7.7MB

          MD5

          9096164289a3533091be41d587731ea8

          SHA1

          ebce31f396413f0897c0ce25a95f80fb48e40273

          SHA256

          9556612a83fb01768e00c5a8b4d5d3667fb066926b99bd16829668e3ef1b73bc

          SHA512

          4ac22f6d08bb2baaf78091fc4b7f5f5c3a9b72d2fc8bffd53edda3bbe890608050c4ce5462c9eff531355a85e32bf745cd536fdf3aa696e4f83c502401b1cb17

          Download Submit

        • C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe$
          Filesize

          7.7MB

          MD5

          101f0922f735592cd82359c948f21392

          SHA1

          c7fdcb9ccb2935a285eb9e39c64db1b1e032d503

          SHA256

          3b710446285bd3f1dca95a074a0230450d6e037061cc900c2d7dba3fe27abae3

          SHA512

          0f2f48e873a58877a9ae657b493c6af3f038d1a9612cad1a66c9bf885e175f76590cfc004d83e21ff6ea25f34e12de9ec7d4e2d9e9838c2dbf783f7ee4be5760

          Download Submit

        • C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe$
          Filesize

          7.7MB

          MD5

          d4a58eb5106bc3a5842a3409dac4660e

          SHA1

          32b8f588dc265ee8ca13c24cea507b7095180f38

          SHA256

          567c3a23510b92365007fc626cd487ab7a8004d5d394f194c192a58e6f0e42de

          SHA512

          14820cc06465f61e8693ff4b005ac19a82fdaf9e8f5605777798dd1c46d8c94926f68dfda1924e5a6f6825cf14c98c8c2d982b5ed0616b7387ab63bcfcee603f

          Download Submit

        • C:\Program Files\Java\jre-1.8\bin\pack200.exe
          Filesize

          7.7MB

          MD5

          fdf95f126ea5eb5db5b513ce4a96403c

          SHA1

          df1c1e33ad6311e3e8842350727fcd1cce83e979

          SHA256

          af7b2df8a7e62cff5bd84e0b80a8ba7731a5fc677655c1e75f9a7c04502fb55a

          SHA512

          057982ba3a8a10549c5d9804a7ef5ab5b0eed4fc8be049457b6522e891d1c2de4b56a13d72814a19ecb166eb821f9e93dccdac4d1f1b9808d8f1f10261248020

          Download Submit

        • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE$
          Filesize

          7.7MB

          MD5

          89ef50bc2b9e263ac9a25ea0d8e1cf5b

          SHA1

          2907193f8d8d647d4660355c37b0ad4e08f4fb9e

          SHA256

          48d14b04fefd1bdf48e3f73dc7a044b0968826bc66f809acdd9445b81e6aa829

          SHA512

          d920fbe93ff6216245ff99fdcc43cbc2a84345385ee1e73dafdcef3e59ce49e2557685b14120b045a96f77b0ac1af3fb31cf91b111e423e00867298f4fba0934

          Download Submit

        • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe$
          Filesize

          7.7MB

          MD5

          91e37f06b7062ba7aef582eaaea266f3

          SHA1

          4b80d7e2cece7de550b605e1cd4ac1c23f8d94bb

          SHA256

          7b15655628ceb099c570bc6fbfd8feda2dec8e3a4d9bee9568782f6275dd9cc3

          SHA512

          d4fc7a51bd59b103fded06b20e2da30a898f3253db31c839b827371f33f062a2861381ec673625c93e2c4b5511f1672d4620d7ad175bca652e9a94eeafc8bfc5

          Download Submit

        • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\misc.exe$
          Filesize

          8.2MB

          MD5

          68fa6144f6aabe955924fc343838d343

          SHA1

          ef90fc3ab708d20d92118fbc1109830e5985fe97

          SHA256

          4d49f04ea0253151a9cd91e4eb84deaf5f812532ad4a0cc32fa135fdd59430e9

          SHA512

          dfd79305e795a9f935c703ed01ef32ba2df4c84aecfffebb0d1ec6c39a0e80da87f03d944867b78d734c96a7f98e3f2eb1a77ae42f43c67b7723321297869492

          Download Submit

        • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe$
          Filesize

          8.2MB

          MD5

          a59f6c9977ce088595d6f0ec93010f6f

          SHA1

          2a5c459cfcb21b6cea435a485c544ac15704ebcc

          SHA256

          d54380dbc64b8e7c228f517fcfe2f17cab54ce7081b4efe252d88f9eb11b8817

          SHA512

          9fb5afa5f9045dcb16a0c4a92ef50dab9758e7afce87054c45bb9ca2af045448013771624a1367f1b426f180655f79b3cd67b0b95e52e606bceec94c6e10b376

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\673.#.exe
          Filesize

          7.7MB

          MD5

          10f3c423473b9194eb939f0a85cb289e

          SHA1

          c8bcc5ed1abb931477eff60ec9108dadfed41524

          SHA256

          228e62d0e6c1bbcdee50360e9eb294fa9c1638ac6d008df08e64a7d9869f3467

          SHA512

          e5ea45a7eb141b05b2383aa22c6012d285f405c3308d6e9cb962e5379fc31593f67863e7fb8bc08d4834a3c875f726a151bfc898557112ae2ae62d05e769ea34

          Download Submit