Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
22-05-2024 01:19
Static task
static1
Behavioral task
behavioral1
Sample
657f1fc40183ac47404cc19095df5478_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
657f1fc40183ac47404cc19095df5478_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
657f1fc40183ac47404cc19095df5478_JaffaCakes118.exe
-
Size
322KB
-
MD5
657f1fc40183ac47404cc19095df5478
-
SHA1
e651ded6744962131e68ada2bfc435b27e40cccd
-
SHA256
15c9d2a373aeae9743850794c540e6b425412b33a4a81e4fd76f06966304e8f9
-
SHA512
e18f9d5606a3241432c91e267b664df5a9fc9a48452fb87ebe81b7f2111a016d04aacf1a5d62b0ab4b3dcb6d83813ff80b688be495a53c1f97c1b4ec61d486ed
-
SSDEEP
6144:kA8rMT/vvMb6IYC/ItOwEH91g2gSrvNQd4QYZRNF:yrMTUpjJrCaZDF
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
Narcissistic Bevy.exe
pid | process
2292 | Narcissistic Bevy.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
Processes:
657f1fc40183ac47404cc19095df5478_JaffaCakes118.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum | 657f1fc40183ac47404cc19095df5478_JaffaCakes118.exe
Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum | 657f1fc40183ac47404cc19095df5478_JaffaCakes118.exe
-
Drops file in Windows directory 1 IoCs
Processes:
657f1fc40183ac47404cc19095df5478_JaffaCakes118.exe
description | ioc | process
File created | C:\Windows\Tasks\TrafficMaster.job | 657f1fc40183ac47404cc19095df5478_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\657f1fc40183ac47404cc19095df5478_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\657f1fc40183ac47404cc19095df5478_JaffaCakes118.exe"
- Maps connected drives based on registry
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Roaming\Narcissistic Bevy\Narcissistic Bevy.exe
"C:\Users\Admin\AppData\Roaming\Narcissistic Bevy\Narcissistic Bevy.exe"
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Roaming\Narcissistic Bevy\Narcissistic Bevy.exe
Filesize
64KB
MD5
5d4f38c29dc5621a8e73a5157f5432d1
SHA1
efac1b4104eb2edbd6e64b8d75f4aa1d29aea990
SHA256
081ea5efcdbff580f808e746bcd260a723991bcb23eec8ed024eda81f6a47ce6
SHA512
9da4714307fe698f2c622f40943d00878d81a3b981137f50b061ba5625f75968b1a2f449e15d61623f9923f757c05ed9517e3b68c96d85c25b5659feaba16979
-
memory/3068-0-0x00000000014C0000-0x0000000001500000-memory.dmp
Filesize
256KB
-
memory/3068-2-0x00000000000F0000-0x000000000011F000-memory.dmp
Filesize
188KB
-
memory/3068-9-0x00000000002A0000-0x00000000002C7000-memory.dmp
Filesize
156KB