Analysis
  max time kernel: 155s
  max time network: 165s
  platform: windows10-2004_x64
  resource: win10v2004-20240226-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 10/06/2024, 21:42
Static task: static1
Behavioral task: behavioral1
  Sample: 9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
  Target: 9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe
  Size: 40KB
  MD5: 9c07b7fbb93700ee3309dce4d3ce6cbe
  SHA1: 252ab3040fd46279f34501b2772ee0294a89f84f
  SHA256: 7141b4d7594262026b952176c0cc1819e28f11e43320eda2aa69d8424d920117
  SHA512: e0b82e44b39030b1531b0196ae58c9243fb4e52281215f0fb00e7b92555971dbdaa35d2da78ed432334937cec38d756a5c3a4df045269a3a1bc747abc037167c
  SSDEEP: 768:aq9m/ZsybSg2ts4L3RLc/qjhsKmHbk1+qJ0UtH4P:aqk/Zdic/qjh8w19JDH4P
Signatures

  Executes dropped EXE (1 IoC)
    pid   Process
    5008  services.exe

  YARA rule match: upx (16 IoCs)
    resource
    behavioral2/files/0x000800000002325d-4.dat
    behavioral2/memory/5008-6-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-13-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-17-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-21-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-22-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-26-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-30-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-97-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-148-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-329-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-363-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-376-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-392-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-399-0x0000000000400000-0x0000000000408000-memory.dmp
    behavioral2/memory/5008-407-0x0000000000400000-0x0000000000408000-memory.dmp

  Adds Run key to start application (2 TTPs, 2 IoCs)
    description      ioc                                                                                                              Process
    Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"        9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe
    Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"  services.exe

  Drops file in Windows directory (3 IoCs)
    description                   ioc                      Process
    File created                  C:\Windows\services.exe  9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe
    File opened for modification  C:\Windows\java.exe      9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe
    File created                  C:\Windows\java.exe      9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe

  Suspicious use of WriteProcessMemory (3 IoCs)
    description                        pid   Process                                             procid_target
    PID 3324 wrote to memory of 5008   3324  9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe  90
    PID 3324 wrote to memory of 5008   3324  9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe  90
    PID 3324 wrote to memory of 5008   3324  9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe  90
Processes

  C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe"
    PID: 3324
    - Adds Run key to start application
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory

    C:\Windows\services.exe (child of PID 3324)
      command line: "C:\Windows\services.exe"
      PID: 5008
      - Executes dropped EXE
      - Adds Run key to start application

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
    PID: 4784
Downloads