Analysis
-
max time kernel
134s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
06/05/2024, 14:18
General
-
Target
1ce4f9aa121cae10e960ecb824d787b2_JaffaCakes118.exe
-
Size
1.5MB
-
MD5
1ce4f9aa121cae10e960ecb824d787b2
-
SHA1
d659868e019c741bb80dbcf60336277bf759ea2e
-
SHA256
6d7516fe69e0dd2f9399bd04fecc0fcb3cfc7eb0a87eea799d8f7d8ada1c3400
-
SHA512
d882ad4d1276062434f81d93ea2e57477f7bb4231fb8256efd3f0a6902d3c4f9880307d8b9bd35cb04a107004e4b2014092f164698fbcf8889c4a60f7059d3f3
-
SSDEEP
24576:2q5TfcdHj4fmb22qVjzKJ9Ttrd0IT7fify/jdfcFzQJ9TtFM6VRAjdMgI:2UTsamixk5Vjd75+jdI
Malware Config
Signatures
-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
RevengeRat Executable 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ce4f9aa121cae10e960ecb824d787b2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1ce4f9aa121cae10e960ecb824d787b2_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DMR\dmr_72.exe"C:\Users\Admin\AppData\Local\Temp\DMR\dmr_72.exe" -install -54492608 -chipderedesign -c57f807d43904bc49cb0d44f6a86defd - -1click -xtgtptwhcpoerivx -17602⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
532KB
MD5e1abe46ef5b6efea85f8dfc3e2978b17
SHA1315c622d3bf2d7c823733dc9d3f007bdc8815fdf
SHA256a014aad7f2e1cc714d15c1a6d56adc15cd7a8733ba304ed408a41d642fc1c79a
SHA5128bf46962f12cca0da7134e158643f2814d0ebcc52f1c8ae650d43af345b5841a74c1378011de75bf39c5fa839176697305748572effd868754d859a008a6a9b8
-
Filesize
127B
MD56d5e5070c62787b051bba9932e86e10b
SHA16d6335042ec71b3f12ce1f11b2a5f9aba0538b17
SHA256667000dddd4a112fdf9f4da3f5aa3b0e3949b20a973f1cec58c5f8a1017c2621
SHA5120b8213ed0f3f55008fc755fcf8c6fb5b6df84d8e002695fc2ade37c2a73cdc314ef433a0837b881215799e2a4c8915d6221b26ff8991f9a605d8e32133fc3acb
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
8KB
-
Filesize
560KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB