Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 01:25
Static task
static1
Behavioral task
behavioral1
Sample
a359fe3dc135be89d08409790d1da367_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a359fe3dc135be89d08409790d1da367_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
a359fe3dc135be89d08409790d1da367_JaffaCakes118.exe
-
Size
322KB
-
MD5
a359fe3dc135be89d08409790d1da367
-
SHA1
0cb246b74cf0caffce2ed60f04a42dea70bb2f09
-
SHA256
113231d5d49c6ed4f8dfac6ff8f392f45a14cb570cf8949bd2bd2ad574122990
-
SHA512
95f0093f6b3c0dbf05eeb0b0ef7a23a38f3da817794f7e81ee6d9fddd3367963f8a412b8771adbaed766625962aa8c39ac3c7fec9e591661057703807197c7ad
-
SSDEEP
6144:xb/bVljGXRqfTSM19JpWUo7+YbL9tMEB/e7QgAduu6:xb/jGhYr7Wb+YfjMERe/cuu6
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
Involved Wisdom.exe
pid: 2656, process: Involved Wisdom.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
Processes:
a359fe3dc135be89d08409790d1da367_JaffaCakes118.exe
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum; process: a359fe3dc135be89d08409790d1da367_JaffaCakes118.exe
description: Key value enumerated; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum; process: a359fe3dc135be89d08409790d1da367_JaffaCakes118.exe
-
Drops file in Windows directory 1 IoCs
Processes:
a359fe3dc135be89d08409790d1da367_JaffaCakes118.exe
description: File created; ioc: C:\Windows\Tasks\RndFilter.job; process: a359fe3dc135be89d08409790d1da367_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a359fe3dc135be89d08409790d1da367_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a359fe3dc135be89d08409790d1da367_JaffaCakes118.exe"
- Maps connected drives based on registry
- Drops file in Windows directory
PID:2844
-
C:\Users\Admin\AppData\Roaming\Involved Wisdom\Involved Wisdom.exe
"C:\Users\Admin\AppData\Roaming\Involved Wisdom\Involved Wisdom.exe"
- Executes dropped EXE
PID:2656
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
64KB
MD5
783bfa6f161a64d24d465629d589538e
SHA1
68cca6b63bd43e0223d0125b69a948eac8880dc0
SHA256
b29e6f504fe6fc0b9a06c3170b9ef2cd3c3a6ff3d3810c576b712f62017c07a3
SHA512
f3c71fea28099fc55fa8ce28e7212b28d0b5a17101ba3783b2eb40a402a15484cb6f8f9af1fd8796f98eec58e135b4ec5be2ffcae6a8f6ca0c8f7930ac06a3ce