Analysis

  • max time kernel
    145s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-05-2024 21:48

General

  • Target

    735ae0b3e03f102ac38f6e5dfb8188a7_JaffaCakes118.exe

  • Size

    873KB

  • MD5

    735ae0b3e03f102ac38f6e5dfb8188a7

  • SHA1

    f7d1ac0ed7f9b2507e06f20589b746631b07adf0

  • SHA256

    7304580f4667c8beaa430ff265a32166c6451c94d51287949be37312cad1cfb6

  • SHA512

    47ef3a839c0f23c6bbea5266238e832b57cced7509f2750936dd1e252cf9acd2d0bee44fbbea7a70562b0af8a4b1669bdacf39c20f532c8968fd6d04c6d26693

  • SSDEEP

    24576:KEtl9mRda1ISGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvS:BEs1lY

Score
10/10

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Drops startup file 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\735ae0b3e03f102ac38f6e5dfb8188a7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\735ae0b3e03f102ac38f6e5dfb8188a7_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:444

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.exe

    Filesize

    873KB

    MD5

    77818941e879212e09037a83c2847c27

    SHA1

    978bd79d74cbe679ba06121e620a099da939f8d1

    SHA256

    847b3e2ca16331e970137ae6c8e87befad906f6c2b4403a2deef37018107325b

    SHA512

    c49419d84110441a2ad600ba62f1fc0cf78f16f58b7a4ac9dda24632084bcc095450e90300e0f8e6a197b9901a0e8c72f596efc72c12581caead3944e3bab165

  • C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe

    Filesize

    1.6MB

    MD5

    bf3d0cdfdc102b65c9cdd558e1369a9f

    SHA1

    b3eb53ed700a8bc2e5002638307b5381374db78c

    SHA256

    ff1cf028fcf8fcbc09713976b5804fb2e63124eb6986b9e372f746aed4980db2

    SHA512

    3fa5fb7f04653cbf6aaecfa5c68071a318fe724f43b7efad9640f6c99f44760fe6de0e8d0079a89ef0b97790ceca2f05bb6dc5565981c05e596ef284367c5324

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • memory/444-0-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

  • memory/444-1-0x0000000000630000-0x0000000000631000-memory.dmp

    Filesize

    4KB

  • memory/444-56-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

  • memory/444-57-0x0000000000630000-0x0000000000631000-memory.dmp

    Filesize

    4KB