Analysis

  • max time kernel
    145s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-05-2024 21:48

General

  • Target

    735ae0b3e03f102ac38f6e5dfb8188a7_JaffaCakes118.exe

  • Size

    873KB

  • MD5

    735ae0b3e03f102ac38f6e5dfb8188a7

  • SHA1

    f7d1ac0ed7f9b2507e06f20589b746631b07adf0

  • SHA256

    7304580f4667c8beaa430ff265a32166c6451c94d51287949be37312cad1cfb6

  • SHA512

    47ef3a839c0f23c6bbea5266238e832b57cced7509f2750936dd1e252cf9acd2d0bee44fbbea7a70562b0af8a4b1669bdacf39c20f532c8968fd6d04c6d26693

  • SSDEEP

    24576:KEtl9mRda1ISGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvS:BEs1lY

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Renames multiple (93) files with added filename extension

    Sandbox heuristic: renaming many files with an added extension is the trace ransomware leaves after encrypting them. Check the dropped files before accepting that label: here the appended extension is .exe (desktop.ini.exe, iexplore.exe.exe), the original name is kept, and desktop.ini.exe has the same 873KB size as the submitted sample, which is at least as consistent with a file infector writing itself over or in front of its targets as with an encryptor.

  • Drops startup file 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows AutoRun to spread via attached volumes; the file is written to the root of F: here. Windows 7 no longer honours autorun.inf on non-optical removable media, so on this platform the file mainly serves to infect older or unpatched hosts that mount the same drive.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\735ae0b3e03f102ac38f6e5dfb8188a7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\735ae0b3e03f102ac38f6e5dfb8188a7_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1248

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.exe

    Filesize

    873KB

    MD5

    f15205fc7e01291a383177c44623c903

    SHA1

    e23c6d6abddcad9a7c8a039ff504cf9c362c9278

    SHA256

    cfdaebaa10821301fb81f65c19e9e43f47b7e2bcf2931fb3877964d82273ba6f

    SHA512

    5476fe7987b91b13b94ef80a52d87678e02b06a84c0be4a2cd8740aaff55468f1f17de5cbfb01ae6f85591866d0afe5a5fe83b2717a7bfe269d54296e8694d3a

  • C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe

    Filesize

    1.6MB

    MD5

    250b1243d7c60d79079a1598932fb6e7

    SHA1

    e6ccda63b0ad9721d51ac293297bde1ecedfe8db

    SHA256

    b3807f778aa1e37853b162704ff2ca3bd4a607c019afc11a975d45b997535853

    SHA512

    5e971cca5f697a6eac76af90ed20a1270f9a544b7aef3bb1c0437de67794669ec493bb8c03f9091ed13ec510a5848d142a264914153f15298c1fdaecce811bfe

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    6a2cfa345d8a9d048189358a99bf1fc6

    SHA1

    deeca308a7cd0f52e35a865a300136474983be21

    SHA256

    5358b473c48095aa8e2cf4bceaa497f34ff1eebae904dfc91ed186b2ddd52d03

    SHA512

    40860d2f67435fe7d30339ecb889bede891ea3944a030820748a6986947fbc6bbca84c0a8bc63337cef48bd5d6eaf6c31d9f9c22207741d82dab46b620931358

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • memory/1248-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/1248-0-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

  • memory/1248-230-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

  • memory/1248-231-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB
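The signature list above names four host artefacts (a Winlogon change, a Startup-folder shortcut, an autorun.inf on a non-system drive, and renamed files with an appended extension) and the Downloads section gives their hashes. The following PowerShell triage script, added here and not part of the sandbox report, checks a Windows host for those artefacts and compares any matching file against the report's SHA256 values. The registry values it inspects (Shell, Userinit), the scan roots and the "*.*.exe" name pattern are assumptions derived from the behaviour listed above, not facts stated by the report.

```powershell
# Added triage script (not part of the sandbox report). Looks for the persistence and
# spread artefacts listed in the Signatures section and matches files against the
# SHA256 values from the Downloads section. Assumptions: the "Modifies WinLogon"
# signature refers to the Shell/Userinit values, and renamed files keep their original
# name with ".exe" appended (desktop.ini.exe, iexplore.exe.exe).

$ErrorActionPreference = 'SilentlyContinue'

# SHA256 values copied from the report's Downloads section.
$KnownSha256 = @{
    '7304580f4667c8beaa430ff265a32166c6451c94d51287949be37312cad1cfb6' = 'submitted sample'
    'cfdaebaa10821301fb81f65c19e9e43f47b7e2bcf2931fb3877964d82273ba6f' = 'desktop.ini.exe'
    'b3807f778aa1e37853b162704ff2ca3bd4a607c019afc11a975d45b997535853' = 'iexplore.exe.exe'
    '5358b473c48095aa8e2cf4bceaa497f34ff1eebae904dfc91ed186b2ddd52d03' = 'Soft.lnk'
    'cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae' = 'AUTORUN.INF'
}

$findings = New-Object System.Collections.Generic.List[string]

function Get-HashTag([string]$Path) {
    # Get-FileHash needs PowerShell 4+ (WMF 4 on Windows 7). Returns a label for the hash.
    $hash = (Get-FileHash -Algorithm SHA256 -Path $Path).Hash.ToLower()
    if ($KnownSha256.ContainsKey($hash)) { "MATCH report hash: $($KnownSha256[$hash])" }
    else { "unknown hash $hash" }
}

# 1. Winlogon persistence (assumption: Shell/Userinit). Stock values are
#    explorer.exe and <SystemRoot>\system32\userinit.exe, (trailing comma).
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.Shell -and $wl.Shell -ne 'explorer.exe') {
    $findings.Add("Winlogon\Shell modified: $($wl.Shell)")
}
$stockUserinit = "$env:SystemRoot\system32\userinit.exe"
if ($wl.Userinit -and $wl.Userinit.TrimEnd(',') -ne $stockUserinit) {
    $findings.Add("Winlogon\Userinit modified: $($wl.Userinit)")
}

# 2. Startup-folder shortcuts in every profile (report: Soft.lnk in the Admin profile).
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem 'C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.lnk' |
    ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        $findings.Add("Startup shortcut: $($_.FullName) -> $target [$(Get-HashTag $_.FullName)]")
    }

# 3. autorun.inf on the root of every non-system drive (report: F:\AUTORUN.INF).
Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root -ne "$env:SystemDrive\" } |
    ForEach-Object {
        $inf = Join-Path $_.Root 'autorun.inf'
        if (Test-Path $inf) {
            $body = (Get-Content $inf) -join ' | '
            $findings.Add("autorun.inf on $($_.Root): $body [$(Get-HashTag $inf)]")
        }
    }

# 4. Files with a second extension appended (assumed pattern "name.ext.exe") in the
#    locations the report names: Recycle Bin, Program Files (x86), Program Files, System32.
$scanRoots = @(
    'C:\$Recycle.Bin',
    "${env:ProgramFiles(x86)}\Internet Explorer",
    $env:ProgramFiles,
    "$env:SystemRoot\System32"
)
Get-ChildItem -Path $scanRoots -Recurse -Force -File -Include '*.*.exe' |
    ForEach-Object {
        $findings.Add("double-extension file: $($_.FullName) [$(Get-HashTag $_.FullName)]")
    }

if ($findings.Count -eq 0) { 'no report artefacts found' } else { $findings }
```

Run it elevated so the Recycle Bin, System32 and HKLM are readable. A hash match ties a file to this exact run; a double-extension file with an unknown hash is still worth pulling, since the two renamed files in the report already have hashes that differ from the sample.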