Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 23:30

General

  • Target

    a71d3613016780d00c82f4fb96975956_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    a71d3613016780d00c82f4fb96975956

  • SHA1

    43841dc474f6da972b5a6be8705fcaa942084836

  • SHA256

    5be2fab6e4c7b734dff715f7a02bf69e00703f57819b71c6758d259469fa77f3

  • SHA512

    4ba41c576dc7adad058bdda870eda0a13380a8151ddb88992d5654256fc5235711acc8c1e56bec55417036b18716e8b9fcd28a35c8b4615f3ca9c32ba547643e

  • SSDEEP

    24576:vmUNJyJqb1FcMap2ATT5qmUNJyJqb1FcMap2ATT5qmUNJyJqb1FcMap2ATT58:vmV2ApqmV2ApqmV2Ap8

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a71d3613016780d00c82f4fb96975956_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a71d3613016780d00c82f4fb96975956_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies WinLogon
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      PID:1036

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    603725e30a7141f7e80ed0e036bb4f66

    SHA1

    6803b37265f12f370780524b553add558eccf10b

    SHA256

    92de41738f52bb7b12be6e7f7b78a3c88f8491605db0181636bad5ba630e5fcc

    SHA512

    b58e826afffbad204ece7498c48a43aa10536fc9cb1e80aba64427480e833db1f604b39f3ec1c0392a6de437a70e9f758fc9638ee6c60a4ebade36894a026416

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bfe90a422c92353b8c18547fc99fa63a

    SHA1

    ec666b3a13eaa07ac30d8e33abd5b317d62ab44d

    SHA256

    0cca88dd1d91c7298ada6ff1e4612bae1c5a9f505d1fcf6c69d92047764303b6

    SHA512

    373bcd2dc9273fbae71742e73613250a7de555ce56e0ee30545dee4968236856df65f944e9373190aa0c035c116dd6a7035d81cdc12278eabae63eb5f4c0fe12

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\login[2].htm

    Filesize

    168B

    MD5

    d57e3a550060f85d44a175139ea23021

    SHA1

    2c5cb3428a322c9709a34d04dd86fe7628f8f0a6

    SHA256

    43edf068d34276e8ade4113d4d7207de19fc98a2ae1c07298e593edae2a8774c

    SHA512

    0364fe6a010fce7a3f4a6344c84468c64b20fd131f3160fc649db78f1075ba52d8a1c4496e50dbe27c357e01ee52e94cdcda8f7927cba28d5f2f45b9da690063

  • C:\Users\Admin\AppData\Local\Temp\1687.tmp

    Filesize

    593B

    MD5

    926512864979bc27cf187f1de3f57aff

    SHA1

    acdeb9d6187932613c7fa08eaf28f0cd8116f4b5

    SHA256

    b3e893a653ec06c05ee90f2f6e98cc052a92f6616d7cca8c416420e178dcc73f

    SHA512

    f6f9fd3ca9305bec879cfcd38e64111a18e65e30d25c49e9f2cd546cbab9b2dcd03eca81952f6b77c0eaab20192ef7bef0d8d434f6f371811929e75f8620633b

  • C:\Users\Admin\AppData\Local\Temp\17E3.tmp

    Filesize

    457B

    MD5

    531ec87a0b2f9477a52d88b111d0d46a

    SHA1

    50a72e5752075309f91c062e0282a7e7cd1e751e

    SHA256

    4875b451859b1eb8d0d3b040b1bb8d654d212edb6d9c721cf0f4372129579385

    SHA512

    07994963fd76b31ef0ba2c7f418dcb3ee0290f6baca2d8ec63a6e6b861557b13fbc20d2f0a10a66f35c4d72d4d2c1920ac88b96174604f2f8856868912327da1

  • C:\Users\Admin\AppData\Local\Temp\6BE2.tmp

    Filesize

    102KB

    MD5

    d009607ccca269d33269a27eb0de4dfb

    SHA1

    fa9e28ee4af51798f88220069d73aaa083acfb76

    SHA256

    9783306afbef94fc6487872d0073e62b3d92db87bc22de78535eee418593d35f

    SHA512

    239dea322e3e6fc815dda0955e849682ec7c1d021ca6da30c831b6b1b17045f7f7c59fc32c355ec34385097664f6f7896af1eea581785648ddf606891415d76a

  • C:\Users\Admin\AppData\Local\Temp\6BE3.tmp

    Filesize

    481B

    MD5

    7a82442a4385433a5c1ac255a23e56cb

    SHA1

    0e04c3d4983bd925bafc95a31cb9564b97fdb786

    SHA256

    16840ba232d9f5e1c3e0719f66091feb4a71eee52f12d4e60df3fcb68847b45a

    SHA512

    0dedc7c9d009287d2523c5c9cbe15d1f26d765c72222eca780cddc5be0a6a2f07a47a7106b906c6c8b9ef18edb2359149effcc500f9f83cf320899cf2380b759

  • C:\Users\Admin\AppData\Local\Temp\CabCB00.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\E002.tmp

    Filesize

    481B

    MD5

    251b2d1cbecb171a5c7b9d40e9455030

    SHA1

    80fc1230d92be2d647549996008d651bc533f18d

    SHA256

    aad19d728ac689f8427001f7339cccceacf57dc273bf94c0c463d30622cee672

    SHA512

    845bff179d403c2bbed2612056a907f964ec82011940221ecb844ad9361ce51c88efe9623727ab904d753ed3d59b7488fc59b95c35cb3680a61387570d758052

  • C:\Users\Admin\AppData\Local\Temp\TarCB41.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Windows\AppPatch\svchost.exe

    Filesize

    1.0MB

    MD5

    2619e0f3d09010b85d70e12d187f78d1

    SHA1

    9aeb6d5be944806166e24e622175f0ae7cdd9ae5

    SHA256

    2e26454bd413f1ae36eb12064a91f2594add0d87e8df0a15bc96aed0a535c1ca

    SHA512

    1bbfb94c8b054b5205d77a405c2a9a99be5067e90e741261479e20cb135ecc3aeef70e7e4fe7ff840f12b46d663f29600074698d8aad5c5e0bfd83941b32b243

  • memory/1036-48-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-40-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-59-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-77-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-76-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-74-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-72-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-71-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-70-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-69-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-68-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-66-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-65-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-63-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-62-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-60-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-57-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-55-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-54-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-52-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-51-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-27-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-49-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-30-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-46-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-45-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-44-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-42-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-41-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-58-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-37-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-36-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-35-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-78-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-75-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-73-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-34-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-67-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-64-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-61-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-29-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-56-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-33-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-53-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-50-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-47-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-43-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-39-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-38-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-32-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-199-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-25-0x00000000023E0000-0x0000000002496000-memory.dmp

    Filesize

    728KB

  • memory/1036-17-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/1036-14-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/1036-18-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/1036-22-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/1036-24-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/1036-21-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/2124-13-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB