105633f1a9e627b5b64c0e0d09a5c551c8eae5fd37d178376088697337cbe0ef

Analysis

max time kernel
139s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
Size

304KB
MD5

65eb461c0e25b8cd7ae91c926c7ae01a
SHA1

324b520805a62dbfaac6a9ace496862ad37e3820
SHA256

105633f1a9e627b5b64c0e0d09a5c551c8eae5fd37d178376088697337cbe0ef
SHA512

0d774ebd7d71499abdd29763215a10371b23e5bca17a746d76e7b7a216bbf31a78dde670a4cdf412ecbc1b40b68184edd3cd02d98e9bf833eed1873ab0160473
SSDEEP

6144:Trkw6Y0JQBkQRl7174NpNUM+UHs+tPvpqvpQAy+L9hMk+W60z4RRW9:Trkw63yRl1uqM+gs+tPvEpPy+rMzu9

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4552	65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
4552	65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
4552	65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4552	65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
4552	65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65eb461c0e25b8cd7ae91c926c7ae01a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4008,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:8
1⤵
PID:3372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Tsu1A78B8E1.dll

Filesize
269KB

MD5
af7ce801c8471c5cd19b366333c153c4

SHA1
4267749d020a362edbd25434ad65f98b073581f1

SHA256
cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

SHA512
88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FE365F63-24AD-4F98-AD73-6C8F25D57D95}\Custom.dll

Filesize
73KB

MD5
56a2a892987268718445147b7ddd0a98

SHA1
d56fe3883d4d286322981ea07d027554ad52a955

SHA256
5a5245919bb55d392a5e45563af2dc22a15a48a6e9e70b964b7ce339eb02a40f

SHA512
ef0d74fb6747006f9c997e6a43beb4de7cf72fc19000d7949da2c1a6251b9c07aa0c082a549a0b3d3e4a2f5a62682e0346ff8234457ba385488ef874fc600401

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FE365F63-24AD-4F98-AD73-6C8F25D57D95}\_Setup.dll

Filesize
167KB

MD5
dc4d3ad609418f3941a2b5321944f80b

SHA1
b00e079e20a7d6bb3695407063b16a56b9de4eb0

SHA256
1681c8e8a8233e3f564afebe035cb912f367233a855046241433ddd06abf17bd

SHA512
291bc20ec28faccf8080150e9ff98ebcbc4a6e81290ba36367ab3c77d8dcf7be437a6eaf47586a527665332d185b41f78b6850d756a370db69a95da8425e349d

Download Submit