Overview

overview

4

Static

static

3

4519353649...18.exe

windows10-1703-x64

4

Resubmissions

15-05-2024 07:41

240515-jjclfaff64 10

15-05-2024 07:38

240515-jgfkbafe78 4

15-05-2024 07:26

240515-h9jxrsfa2t 10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15-05-2024 07:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45193536497856842273bcf3ba3eed80_JaffaCakes118.exe

  • Size

    360KB

  • MD5

    45193536497856842273bcf3ba3eed80

  • SHA1

    9936812c27e92c8f7f7183ed3a8730ea1c6e167b

  • SHA256

    9bf59f52f58052e0644fc5d0a8e9efcc8b7db586a365bd8611228c42ed4d0332

  • SHA512

    3ea4cb9916f01b00d7dd73fef6a9006d1c521a225037a44a136991d98db1a0abb74fbc2a09dd2905e2404ca2956382dbb274e346e84be99bdb0377a3ca44f785

  • SSDEEP

    6144:gZtBZh5vTOAWJx4u1l05Lpm+SemsrbK9XbgwJU2WWIBReISOuO8I:Qn7vSr4+sLwRnXbg4U2WWyN

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45193536497856842273bcf3ba3eed80_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\45193536497856842273bcf3ba3eed80_JaffaCakes118.exe"
    1⤵
      PID:3660
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3164
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1880
      • C:\Windows\System32\ksdydr.exe
        "C:\Windows\System32\ksdydr.exe"
        1⤵
          PID:1372
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\WatchSuspend.mov"
          1⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          PID:4404
        • C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
          "C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\Desktop\GrantExport.ppsx" /ou ""
          1⤵
          • Checks processor information in registry
          • Enumerates system info in registry
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of SetWindowsHookEx
          PID:3116

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3116-38-0x00007FFA7BB40000-0x00007FFA7BB50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3116-26-0x00007FFA7E860000-0x00007FFA7E870000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3116-208-0x00007FFA7E860000-0x00007FFA7E870000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3116-27-0x00007FFA7E860000-0x00007FFA7E870000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3116-209-0x00007FFA7E860000-0x00007FFA7E870000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3116-28-0x00007FFA7E860000-0x00007FFA7E870000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3116-210-0x00007FFA7E860000-0x00007FFA7E870000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3116-211-0x00007FFA7E860000-0x00007FFA7E870000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3116-25-0x00007FFA7E860000-0x00007FFA7E870000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3116-37-0x00007FFA7BB40000-0x00007FFA7BB50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3660-0-0x0000000000560000-0x0000000000564000-memory.dmp

          Filesize

          16KB

          Download

        • memory/3660-6-0x0000000000560000-0x0000000000564000-memory.dmp

          Filesize

          16KB

          Download

        • memory/4404-24-0x00007FFA9FB40000-0x00007FFA9FC4E000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4404-22-0x00007FFAB0970000-0x00007FFAB0C26000-memory.dmp

          Filesize

          2.7MB

          Download

        • memory/4404-21-0x00007FFAB1460000-0x00007FFAB1494000-memory.dmp

          Filesize

          208KB

          Download

        • memory/4404-23-0x00007FFAA0250000-0x00007FFAA1300000-memory.dmp

          Filesize

          16.7MB

          Download

        • memory/4404-20-0x00007FF76B520000-0x00007FF76B618000-memory.dmp

          Filesize

          992KB

          Download