Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/05/2024, 13:58

General

  • Target

    846328c9641705a25e245812690346b7_JaffaCakes118.exe

  • Size

    2.2MB

  • MD5

    846328c9641705a25e245812690346b7

  • SHA1

    9c512753df6d03547d668e995914b09a14e06d52

  • SHA256

    a6fbbdfd4727a94119a43866f2997b8b0b319a391bab2830d8a217517f882196

  • SHA512

    d04edf39b9918aef444f333b60692dd0d6e6a8451a9e0f9f0084552b2bfacbcee9ecf1d2a9bf54156f6ecf6f3f70807f6e9e79e967e25ec010d8529ca12ea4b3

  • SSDEEP

    49152:CgWFAS1CetCGJTt2MOSzSAUXMQU2NjXJw0FmWYSx4SJvJ7ZRLeduQ:ut1T9t2MOSfmMLWjXJw0FmWYQvJtgduQ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\846328c9641705a25e245812690346b7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\846328c9641705a25e245812690346b7_JaffaCakes118.exe"
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Users\Admin\AppData\Local\Temp\nsy148B.tmp\MediaPlayerInstallerStuff.exe
      "C:\Users\Admin\AppData\Local\Temp\nsy148B.tmp\MediaPlayerInstallerStuff.exe" "write_patch_str_to_reg" "C:\Users\Admin\AppData\Local\Temp\846328c9641705a25e245812690346b7_JaffaCakes118.exe" "HKCU" "Software\MediaPlayerApplication" "zerker"
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1516
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 128
        • Loads dropped DLL
        • Program crash
        PID:2412

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\nsy148B.tmp\MediaPlayerInstallerStuff.exe

    Filesize

    115KB

    MD5

    18226dce3f8a67d3ed65c2d1a9f3b348

    SHA1

    59e983233a0c9ae32348fed758b14ec29cb1f987

    SHA256

    c748afc480f03f7e24b3eba8306ef108da235c39ee134a744363e2c22ed7afea

    SHA512

    46a18c49829afa289795ca4dac85931d60d60a1e52238841ec288d18c802aa2be6f8b3f14130ea25f86c73c37f89875b9b6f4743dcb05959e83614ad1c8b3efd