201cfa8e6cdc8edc3f8cac47bd4231e4e8c18b1033e839f4e338840b68045d42

Analysis

max time kernel
135s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4186b6666739bebf89f51054633fcaec_JaffaCakes118.exe
Size

237KB
MD5

4186b6666739bebf89f51054633fcaec
SHA1

3ce353e25701585f38a95b957534f5122f4f89f1
SHA256

201cfa8e6cdc8edc3f8cac47bd4231e4e8c18b1033e839f4e338840b68045d42
SHA512

f070ca891e8ce8c71521d510fb08b2bc9b319623a21ba4dd6e96d378ad45e7a4953dcf40dc671fe97ce06e7c173bfb24213fad812572a17c4877fe3bc7af38c2
SSDEEP

3072:4bFZBpiJrsZnWSulEobukNhYNcPygJHc0VG25KRiYS2OarUSEJH/86DVJAknokaK:4bF3pSwJPqukpPy6jVGqx+rPE3T1aMp

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Executes dropped EXE 1 IoCs

pid	Process
2972	buhrkyf.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\buhrkyf.exe	4186b6666739bebf89f51054633fcaec_JaffaCakes118.exe
File created	C:\PROGRA~3\Mozilla\oxnqgnd.dll	buhrkyf.exe

C:\Users\Admin\AppData\Local\Temp\4186b6666739bebf89f51054633fcaec_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4186b6666739bebf89f51054633fcaec_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:4260

C:\PROGRA~3\Mozilla\buhrkyf.exe
C:\PROGRA~3\Mozilla\buhrkyf.exe -pggkiil
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\buhrkyf.exe

Filesize
237KB

MD5
1b9f402e66185935347e7fc48c2d1db2

SHA1
4f25f57a502ca314ea2b213db8e4bc7926a3bc75

SHA256
9d769e93f927f8a35f4035fdf43b41f8afb6223bfc904819cf556691839a0c27

SHA512
091d516b99037bad1ad6313957e6eefd50096ddb2e21caafd738b9a63fda6793ee47929319d9ebfe4c94f9bbed2a9b4e457a0111faa5118527560300f6791830

Download Submit
memory/2972-7-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2972-9-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4260-1-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4260-0-0x0000000002090000-0x00000000020EB000-memory.dmp

Filesize
364KB

Download
memory/4260-5-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download