37d973a6b74b1919aab1518708fa91d14792b4218dc177d339c51e88d787535c

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe
Size

6.0MB
MD5

45183ce88f648c6b3fc0f7ff86e6bd22
SHA1

df01007565c6f9abcab5514309dffb79a2b0764e
SHA256

37d973a6b74b1919aab1518708fa91d14792b4218dc177d339c51e88d787535c
SHA512

45d214e36cab3809f8b722701822603a7eb6be9c5b58f6803f2dab8be5d923f19f92cb274749d4283f5c98a41f8561c3bc0e34f0288dbc4de85412d84d108e54
SSDEEP

98304:13fWCZEpaxdPBcaSWPVsF4qFyweY7WS5uOWf7GXKMdIY4EdlUflG0G7AGIPlZg:13+oPjPOa4FHyF8WSAP7M5d5CKPWlZg

Score

8^/10

evasion

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2580	netsh.exe

Loads dropped DLL 3 IoCs

pid	Process
1040	45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe
1040	45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe
1040	45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 2580	1040	45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe	28
PID 1040 wrote to memory of 2580	1040	45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe	28
PID 1040 wrote to memory of 2580	1040	45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe	28
PID 1040 wrote to memory of 2580	1040	45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe	28
PID 1040 wrote to memory of 2580	1040	45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe	28
PID 1040 wrote to memory of 2580	1040	45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe	28
PID 1040 wrote to memory of 2580	1040	45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\45183ce88f648c6b3fc0f7ff86e6bd22_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Windows\SysWOW64\netsh.exe
  "netsh.exe" firewall add allowedprogram "\plugins\WechatBackup\WechatBackup.exe" "电脑管家-微信聊天备份" enable all
  2⤵
  - Modifies Windows Firewall
  PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsd22AF.tmp\SetupHelper.dll

Filesize
1.4MB

MD5
e4df5c7f58d5e0ccbbe7a6e74fc449ad

SHA1
d0c92b3b78cd5fa61ce51b770565aeb488610c43

SHA256
af55cbbbd681182226c5e854470a05ea8ec6242a30d28c61ce9c20b968088db8

SHA512
5f7456f107df50809bd504e46cd4f5cc43764e683fb14dbcd03c1e6ab5ea5868c0279ed52c8aa5c1795e7928335b9ac07c31c228333dcd44dbb408f04ce2619d

Download Submit
\Users\Admin\AppData\Local\Temp\nsd22AF.tmp\System.dll

Filesize
11KB

MD5
b9f430f71c7144d8ff4ab94be2785aa6

SHA1
c5c1e153caff7ad1d221a9acc8bbb831f05ccb05

SHA256
b496e81a74ce871236abcd096fb9a6b210b456bebaa7464fa844b3241e51a655

SHA512
c7ce431b6a1493fd7d1fe1b1c823ad22b582c43c8eb2fb6a471c648dd9df9953277c89932c66afd598d43ea36f4a8602e84cd175115266943071cbc8ce204099

Download Submit
memory/1040-9-0x0000000002840000-0x00000000029AA000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads