Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/06/2024, 18:50

General

  • Target

    a1d53ded2dd2f7982ee54c0710f1d4ed_JaffaCakes118.exe

  • Size

    339KB

  • MD5

    a1d53ded2dd2f7982ee54c0710f1d4ed

  • SHA1

    20c690ed4748d95780c8c60c1a09c296bd663a5a

  • SHA256

    372e30dd35885550123f9d0e9282151fe547aa61c096ae954429740d70f0002b

  • SHA512

    2e32dba84dc831dd549fdc347726768289caa65c8d85641d3042792cce90020decbdb46d45e9924d9bd0cd939e8525586f4025cbb8bdbf4734ba65f40f36c2ed

  • SSDEEP

    6144:JuFJ09IPbKItFd8IZzj4QXLT1lrWmOwdP/Wi/PanG7va+:ZIHCvQbDlOw9OyPaoC+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1d53ded2dd2f7982ee54c0710f1d4ed_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a1d53ded2dd2f7982ee54c0710f1d4ed_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Users\Admin\AppData\Local\Temp\beeifecjdh.exe
      C:\Users\Admin\AppData\Local\Temp\beeifecjdh.exe 2#2#8#1#0#4#1#7#9#5#6 LU5BQz0tODErLRotUU1BUEVDNicbKUxDTFZPTkpCOzgrHi08SFNQSD00LTAvNCkfLz9IPTQrGi1OSk5EUUJNVkQ+OzAtMjQzHyhKQExUQ0peVU5LNl9vbm44Jy5zbnUnO0BNSStMTlApQElHKUNMREcfLz9LQjpGQ0I7GC5ELTwmKBspQjA1LDEcLj0qOCcvHidDNDksKhcqPjM7JTAgK09LRj9PQVJXT1JFVTo6VDceLUhRT0BUPEtaP1NKOTwgK09LRj9PQVJXTUFJRDZqYGxnX2QkMiwsHikrZ210WXVpITEpal5sY2NmJDIsYlpnb29wYx0xMG9zbltkaSMwKDQuLC0pHC0qZHNkayUuLx4pKx8wLltxYV8fKDxTP11TSks9XmRsay9qYSxbbm0rcl5rcGosY3BkICtEUTxaPUtCREhOQTwZJkNJUVJXQVJLVkw8TTczHidTSD1NRFBKT11TSks9HC5PRDgsHi08UjE5HyhJUEhSR0VEX1NERTpKR0NHRUBHQVRLQzgaLUdLXlJRTU1ASD87cmp0ZRwuSzxPT1BMQU1HW1RMPE1ZQj9RUj0uHyg/RD5DVjUwICtITFY/U0w/RUhDW0RHOk1TTlI9Qz1iYGVqYBotQkdWTkhOOjtaQ047Ki84KjAqJykzMSwpMTIcLkk4TTtKSj1LX0VNTEs8Rko7bHF1YR8oS0RHQzspMzQ0NC4nMS4uHidDT1NNRUY8Pl1SQUxFOTAqJi0wLTAoMDUmMjMoKzQyLiJPTQ==
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2188
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic /output:C:\Users\Admin\AppData\Local\Temp\81718218224.txt bios get serialnumber
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2784
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic /output:C:\Users\Admin\AppData\Local\Temp\81718218224.txt bios get version
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2700
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic /output:C:\Users\Admin\AppData\Local\Temp\81718218224.txt bios get version
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2600
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic /output:C:\Users\Admin\AppData\Local\Temp\81718218224.txt bios get version
        3⤵
          PID:2760
        • C:\Windows\SysWOW64\Wbem\wmic.exe
          wmic /output:C:\Users\Admin\AppData\Local\Temp\81718218224.txt bios get version
          3⤵
            PID:2756
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 368
            3⤵
            • Loads dropped DLL
            • Program crash
            PID:2528

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\81718218224.txt

        Filesize

        66B

        MD5

        9025468f85256136f923096b01375964

        SHA1

        7fcd174999661594fa5f88890ffb195e9858cc52

        SHA256

        d5418014fa8e6e17d8992fd12c0dfecac8a34855603ea58133e87ea09c2130df

        SHA512

        92cac37c332e6e276a963d659986a79a79867df44682bfc2d77ed7784ffa5e2c149e5960a83d03ef4cf171be40a73e93a110aaa53b95152fa9a9da6b41d31e51

      • \Users\Admin\AppData\Local\Temp\beeifecjdh.exe

        Filesize

        538KB

        MD5

        414ca68096786397f155d633555090ff

        SHA1

        a606ee5818f05a0aafa29dba839ce33184d381fc

        SHA256

        ecca7e207947afd7cd3e30b130707047576bbd0980cfe4be58d9e7c91a661297

        SHA512

        7b499850d173bf740a9fc9f69c87139ec24c7cdded79bbe2fbc6bff44005e5f26cfccb6db436929cbaa396676b040f8d31fde4ae662dc00a3f20455f5d3ac898