Analysis

  • max time kernel
    142s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-05-2024 21:29

General

  • Target

    7e771790005bf4bd41d8917e15ee449f_JaffaCakes118.exe

  • Size

    33KB

  • MD5

    7e771790005bf4bd41d8917e15ee449f

  • SHA1

    b4dfb1ada3a3d84ab60b1a7e13e0632fb20ca27b

  • SHA256

    70f3eaa129fa11addaf5f9a2c8f4dd51b54171af82efe9d15626e94fa066da3d

  • SHA512

    6beed852f9276647dcdf22c3329f6a6ede80584031e2c3d7461127986a17330e376bc5b7b7976483b309119004d40b1cbaaaa11a74eaeb5e35ecd42fa7bdd019

  • SSDEEP

    768:VvTJ6v6kk5ftm4uw4yNUHOhEl23GJJRH+jcnuVTiNeVRT:tJY6kk5ftjuw4y+ssSGH1QcGDVRT

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:1177

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |'|'|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e771790005bf4bd41d8917e15ee449f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7e771790005bf4bd41d8917e15ee449f_JaffaCakes118.exe"
    1⤵
    • Modifies registry class
    PID:4868
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2688
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1660

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4868-0-0x00007FF9EACE5000-0x00007FF9EACE6000-memory.dmp

      Filesize

      4KB

    • memory/4868-1-0x00007FF9EAA30000-0x00007FF9EB3D1000-memory.dmp

      Filesize

      9.6MB

    • memory/4868-2-0x00007FF9EAA30000-0x00007FF9EB3D1000-memory.dmp

      Filesize

      9.6MB

    • memory/4868-3-0x000000001B7F0000-0x000000001BCBE000-memory.dmp

      Filesize

      4.8MB

    • memory/4868-4-0x000000001B180000-0x000000001B196000-memory.dmp

      Filesize

      88KB

    • memory/4868-5-0x000000001BCC0000-0x000000001BD66000-memory.dmp

      Filesize

      664KB

    • memory/4868-9-0x00007FF9EAA30000-0x00007FF9EB3D1000-memory.dmp

      Filesize

      9.6MB