Analysis
-
max time kernel: 142s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-05-2024 21:29
-
Static task: static1 (1 signature)
-
Behavioral task: behavioral1
Sample: 7e771790005bf4bd41d8917e15ee449f_JaffaCakes118.exe
Resource: win7-20231129-en
6 signatures, 150 seconds
General
-
Target: 7e771790005bf4bd41d8917e15ee449f_JaffaCakes118.exe
Size: 33KB
MD5: 7e771790005bf4bd41d8917e15ee449f
SHA1: b4dfb1ada3a3d84ab60b1a7e13e0632fb20ca27b
SHA256: 70f3eaa129fa11addaf5f9a2c8f4dd51b54171af82efe9d15626e94fa066da3d
SHA512: 6beed852f9276647dcdf22c3329f6a6ede80584031e2c3d7461127986a17330e376bc5b7b7976483b309119004d40b1cbaaaa11a74eaeb5e35ecd42fa7bdd019
SSDEEP: 768:VvTJ6v6kk5ftm4uw4yNUHOhEl23GJJRH+jcnuVTiNeVRT:tJY6kk5ftjuw4y+ssSGH1QcGDVRT
Malware Config
-
Extracted
Family: njrat
Version: 0.7d
Botnet: HacKed
C2: 127.0.0.1:1177
Mutex: Windows Update
Attributes:
- reg_key: Windows Update
- splitter: |'|'|
-
Note on the extracted values: the C2 address is the loopback interface, so as built this sample cannot reach a controller outside the host it runs on; "HacKed" is the default campaign name shipped with the njRAT builder, and the mutex and reg_key share the name "Windows Update", which is what to hunt for on an infected host. The signature list for this run records no write to that registry value and no outbound connection, so persistence and beaconing were not observed in the sandbox.
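The extracted config gives the two markers a network defender can key on: the field splitter |'|'| and the campaign id HacKed. The following is an added example, not part of the sandbox report and not njRAT's own code. It assumes, from public njRAT write-ups rather than from this page, that each C2 frame is "<decimal length>\x00<payload>" and that a registration payload starts with the command "ll"; the field layout after the command and the sample byte stream are constructed for illustration.

```python
"""Split an njRAT-style C2 byte stream into frames and flag the config markers.

Added example. Assumed (not from the report): frame format "<len>\x00<payload>",
registration command "ll". Sample traffic below is constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple

SPLITTER = b"|'|'|"        # from the extracted config
BOTNET_ID = b"HacKed"      # from the extracted config (njRAT builder default)


@dataclass
class Frame:
    command: bytes
    fields: List[bytes]
    raw: bytes


def encode_frame(payload: bytes) -> bytes:
    """Prefix a payload with its decimal length and a NUL (assumed njRAT framing)."""
    return str(len(payload)).encode() + b"\x00" + payload


def split_frames(stream: bytes) -> Tuple[List[bytes], bytes]:
    """Return (complete payloads, unconsumed tail).

    The tail is kept so a caller reassembling TCP can append the next segment
    and call again; a truncated frame is never emitted as a short payload.
    """
    payloads: List[bytes] = []
    pos = 0
    while True:
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break                                  # no complete length header yet
        header = stream[pos:nul]
        if not header.isdigit():
            raise ValueError(f"bad length header at offset {pos}: {header!r}")
        start, end = nul + 1, nul + 1 + int(header)
        if end > len(stream):
            break                                  # payload not fully received
        payloads.append(stream[start:end])
        pos = end
    return payloads, stream[pos:]


def parse_frame(payload: bytes) -> Frame:
    """First splitter-delimited field is the command, the rest are arguments."""
    fields = payload.split(SPLITTER)
    return Frame(command=fields[0], fields=fields[1:], raw=payload)


def classify(frame: Frame) -> str:
    """Splitter alone is suspicious; splitter plus campaign id is a firm match."""
    if SPLITTER not in frame.raw:
        return "unknown"
    if any(f.startswith(BOTNET_ID) for f in frame.fields):
        return "njrat-registration" if frame.command == b"ll" else "njrat-botnet-id"
    return "njrat-splitter"


# Constructed sample traffic: registration, keepalive, then a truncated frame.
# Field order after the command is illustrative, not taken from the report.
REG_PAYLOAD = SPLITTER.join(
    [b"ll", b"HacKed_5C8B1F2A", b"VICTIM-PC", b"Admin", b"Windows Update"])
PING_PAYLOAD = b"P"
INFO_PAYLOAD = SPLITTER.join([b"inf", b"HacKed_5C8B1F2A", b"win10v2004"])
SAMPLE_STREAM = (encode_frame(REG_PAYLOAD)
                 + encode_frame(PING_PAYLOAD)
                 + encode_frame(INFO_PAYLOAD)[:-6])   # last 6 bytes still in flight


def analyse(stream: bytes) -> Tuple[List[Tuple[bytes, str]], bytes]:
    """Classify every complete frame in the stream; return verdicts and leftover bytes."""
    payloads, leftover = split_frames(stream)
    return [(f.command, classify(f)) for f in map(parse_frame, payloads)], leftover


if __name__ == "__main__":
    verdicts, rest = analyse(SAMPLE_STREAM)
    for command, verdict in verdicts:
        print(f"{command!r:8} -> {verdict}")
    print(f"{len(rest)} bytes held back pending the next segment")
```

The keepalive "P" carries no splitter and is reported as unknown on its own; in practice it is attributed to the session once a registration frame on the same connection has matched. The splitter and campaign id are the same strings the extracted config lists, so the check follows the sample's configuration rather than a fixed signature.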
Signatures
-
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class (2 IoCs)
Processes: 7e771790005bf4bd41d8917e15ee449f_JaffaCakes118.exe, OpenWith.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | 7e771790005bf4bd41d8917e15ee449f_JaffaCakes118.exe
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | OpenWith.exe
-
Suspicious use of SetWindowsHookEx (1 IoC)
Processes: OpenWith.exe
pid | process
2688 | OpenWith.exe
Processes
-
7e771790005bf4bd41d8917e15ee449f_JaffaCakes118.exe (PID 4868)
Path: C:\Users\Admin\AppData\Local\Temp\7e771790005bf4bd41d8917e15ee449f_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\7e771790005bf4bd41d8917e15ee449f_JaffaCakes118.exe"
- Modifies registry class
-
OpenWith.exe (PID 2688)
Path: C:\Windows\system32\OpenWith.exe
Command line: C:\Windows\system32\OpenWith.exe -Embedding
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
msedge.exe (PID 1660)
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8