59f307a133ee6b237a588352415eb6998b0fe8f1583ed2f5673082a7c603e70d

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

595813dc8d5df5b9aa2707b1ec894eee_JaffaCakes118.exe
Size

94KB
MD5

595813dc8d5df5b9aa2707b1ec894eee
SHA1

0e7d6bd4fa80efb5dbe9e8ad34eac6e7d5ed5c5e
SHA256

59f307a133ee6b237a588352415eb6998b0fe8f1583ed2f5673082a7c603e70d
SHA512

fa7bee07cb11bf5050db86f218426ad9a4582b602fff50647634174b23303f048cefbeaecf1422b5c43e7aa683e7a9e11c82e6fac613df2bde7344c624f42d4c
SSDEEP

1536:tF0AJELoJHG9qa+oa33KJJzAKWYr0v7iJSzIRXKTzRZICrWaGZh70:tiAyLN9qa+oEGrWViJSzIR6JJrWNZm

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2564	WwanSvc.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Window Update = "\"C:\\ProgramData\\Update\\WwanSvc.exe\" /run"	595813dc8d5df5b9aa2707b1ec894eee_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 2564	1624	595813dc8d5df5b9aa2707b1ec894eee_JaffaCakes118.exe	85
PID 1624 wrote to memory of 2564	1624	595813dc8d5df5b9aa2707b1ec894eee_JaffaCakes118.exe	85
PID 1624 wrote to memory of 2564	1624	595813dc8d5df5b9aa2707b1ec894eee_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\595813dc8d5df5b9aa2707b1ec894eee_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\595813dc8d5df5b9aa2707b1ec894eee_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1624
- C:\ProgramData\Update\WwanSvc.exe
  "C:\ProgramData\Update\WwanSvc.exe" /run
  2⤵
  - Executes dropped EXE
  PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Update\WwanSvc.exe

Filesize
94KB

MD5
cdc64f504593976783f4b60ec6b52a14

SHA1
da00fc8237c098c5731b59891b634adcd1370602

SHA256
9fd711200b3319eee2da64446d9cc4844c22b02bdf3553528c6e40ecb02495b8

SHA512
ccec6c3dc635fd686740ac1d67650a8c05f929db45d6671e8246715f6ffe868988acfbd0ba31924f48aa5fc1ed999881f7640fa375ac7b10158c68613c9de423

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads