d2c2eedbd19445c4837be5464f5988ddd0ade3417f5c1a082207b71c36192829

Analysis

max time kernel
130s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe
Size

725KB
MD5

3ede7a2805a4698d1dcc25eb48e8eca0
SHA1

e579f1bda2ad449884e858f90c484563691a92cd
SHA256

d2c2eedbd19445c4837be5464f5988ddd0ade3417f5c1a082207b71c36192829
SHA512

9e3e4c1d99c90d567a711f8a7780dea9dfa6d9353b812ba351d963d9bc5d7cdc617b6368e93bd6551ac7755e134a6dbc21de0ab6793b2086db2f5ed216c5dabf
SSDEEP

12288:ekrKMCnflwZUO9DsgztGskdByuI5yV2aDF4yTMDyE1W2N7C:frK5flCUoDsgUnbeyb48F0nC

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
400	1348	WerFault.exe	82
5336	3328	WerFault.exe	91
5724	2252	WerFault.exe	90

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\	3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1348	3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe
1348	3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe
2252	3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe
2252	3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 2252	1348	3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe	90
PID 1348 wrote to memory of 2252	1348	3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe	90
PID 1348 wrote to memory of 2252	1348	3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe	90
PID 1348 wrote to memory of 3328	1348	3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe	91
PID 1348 wrote to memory of 3328	1348	3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe	91
PID 1348 wrote to memory of 3328	1348	3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe	91

C:\Users\Admin\AppData\Local\Temp\3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 688
  2⤵
  - Program crash
  PID:400
- C:\Users\Admin\AppData\Local\Temp\3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe
  start
  2⤵
  - Checks BIOS information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2252
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 688
    3⤵
    - Program crash
    PID:5724
- C:\Users\Admin\AppData\Local\Temp\3ede7a2805a4698d1dcc25eb48e8eca0_JaffaCakes118.exe
  watch
  2⤵
  PID:3328
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 696
    3⤵
    - Program crash
    PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1348 -ip 1348
1⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3328 -ip 3328
1⤵
PID:2600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2252 -ip 2252
1⤵
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1348-0-0x000000007FE30000-0x000000007FE4A000-memory.dmp

Filesize
104KB

Download
memory/1348-1-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1348-4-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1348-3-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-51-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-38-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-9-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-37-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-7-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-49-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-50-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-52-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-48-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-47-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-46-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-45-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-43-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-41-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-36-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-42-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-5-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-39-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-23-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-24-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-26-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-30-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-29-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-28-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-27-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-25-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-33-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-32-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-34-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-31-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-35-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2252-40-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-15-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-19-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-65-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-11-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-16-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-17-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-20-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-21-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-22-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-18-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-14-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-12-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-6-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-13-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-10-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-55-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-54-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-58-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-61-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-60-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-59-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-57-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-56-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-62-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-69-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-68-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-67-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-66-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-8-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-64-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3328-63-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download