20fb0c6663e04ecc8c7fcb7d0eb6f6ce47f554e058eaf548910a9b554c9ce0df

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63e775c146b88e23a5bcce673082b335_JaffaCakes118.exe
Size

259KB
MD5

63e775c146b88e23a5bcce673082b335
SHA1

895f0720eb8740e7fc3a059866a5ca60cf05a372
SHA256

20fb0c6663e04ecc8c7fcb7d0eb6f6ce47f554e058eaf548910a9b554c9ce0df
SHA512

d8ebce867bb85ebec887904074e1ab67b8b5e9b8fa1c4790cc313ccf5a3fe2f8fe0407b23e627695b3eefded445fb9b31828fd237842584ffb657ead10cb3225
SSDEEP

6144:p1f3p4J74B9NW1L9yM3OMO6tEjsV+wD8+O7TiVsPJWY:nh4l1L9DJOCuQ+Y3O7TiVQJWY

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Dreary Redemption.exe

pid process

2792 Dreary Redemption.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
2792	Dreary Redemption.exe

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

63e775c146b88e23a5bcce673082b335_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum	63e775c146b88e23a5bcce673082b335_JaffaCakes118.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	63e775c146b88e23a5bcce673082b335_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

Processes:

63e775c146b88e23a5bcce673082b335_JaffaCakes118.exe

description ioc process

File created C:\Windows\Tasks\SocialTrust.job 63e775c146b88e23a5bcce673082b335_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\Tasks\SocialTrust.job	63e775c146b88e23a5bcce673082b335_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\63e775c146b88e23a5bcce673082b335_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\63e775c146b88e23a5bcce673082b335_JaffaCakes118.exe"
1⤵
- Maps connected drives based on registry
- Drops file in Windows directory
PID:2892

C:\Users\Admin\AppData\Roaming\Dreary Redemption\Dreary Redemption.exe
"C:\Users\Admin\AppData\Roaming\Dreary Redemption\Dreary Redemption.exe"
1⤵
- Executes dropped EXE
PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Dreary Redemption\Dreary Redemption.exe

Filesize
64KB

MD5
e9650ee6e2306733e83fece09145b571

SHA1
74b8995b233f4cfca73e809a465b5ca7b7e4341a

SHA256
f6f4e105a0b179ef768b5e2e6ff2048f63b74d9fdf7a6d36018747cd669283e9

SHA512
4ae78a5c31e64b19f6444189c1b63bd86dfb2888b06a86c957b70b79bdfa9488a51e36b9160d45bd92cfb28fbf4072f2cfa7ee5014fa465dc46e75b99593eb33

Download Submit
memory/2892-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2892-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/2892-2-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2892-3-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2892-4-0x0000000000110000-0x0000000000139000-memory.dmp

Filesize
164KB

Download
memory/2892-9-0x0000000000110000-0x0000000000139000-memory.dmp

Filesize
164KB

Download
memory/2892-6-0x0000000000160000-0x000000000018F000-memory.dmp

Filesize
188KB

Download
memory/2892-18-0x0000000000110000-0x0000000000139000-memory.dmp

Filesize
164KB

Download
memory/2892-14-0x0000000000250000-0x0000000000277000-memory.dmp

Filesize
156KB

Download
memory/2892-25-0x0000000000110000-0x0000000000139000-memory.dmp

Filesize
164KB

Download
memory/2892-28-0x0000000000110000-0x0000000000139000-memory.dmp

Filesize
164KB

Download