Analysis
max time kernel: 120s
max time network: 120s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 01:34
Static task: static1
Behavioral task: behavioral1
Sample: a3615ffe08022d1a65788165d225b994_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: a3615ffe08022d1a65788165d225b994_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: a3615ffe08022d1a65788165d225b994_JaffaCakes118.exe
Size: 258KB
MD5: a3615ffe08022d1a65788165d225b994
SHA1: 7955d93eb06b94ed4e063f79580390cf56f2e72b
SHA256: 243a4c86b52a60d0704895225c9e277e32c86bbd2873696f207076a0467ad3e0
SHA512: 1278eaa45683a2a3e31568a75e8c38198c1f14854e0188d233e15a5116c182926597b6133b9bb1900c15c2743fb0ec48c60d7d46e875844fa98d9714941bedf7
SSDEEP: 6144:8wyXAg0HSQfKgNn4v5/E0JQCnwrQXGlKq:7g0HdNn4vxnwrQXGlKq
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
Processes:
pid  process
2716  Obnoxious Quiver.exe
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Maps connected drives based on registry (3 TTPs, 2 IoCs)
Disk information is often read in order to detect sandboxing environments.
Processes:
description  ioc  process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum  a3615ffe08022d1a65788165d225b994_JaffaCakes118.exe
Key value enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum  a3615ffe08022d1a65788165d225b994_JaffaCakes118.exe
Drops file in Windows directory (1 IoCs)
Processes:
description  ioc  process
File created  C:\Windows\Tasks\ViewCounter.job  a3615ffe08022d1a65788165d225b994_JaffaCakes118.exe
Processes
C:\Users\Admin\AppData\Local\Temp\a3615ffe08022d1a65788165d225b994_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\a3615ffe08022d1a65788165d225b994_JaffaCakes118.exe"
- Maps connected drives based on registry
- Drops file in Windows directory
PID: 1796
C:\Users\Admin\AppData\Roaming\Obnoxious Quiver\Obnoxious Quiver.exe
Command line: "C:\Users\Admin\AppData\Roaming\Obnoxious Quiver\Obnoxious Quiver.exe"
- Executes dropped EXE
PID: 2716
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 64KB
MD5: 5d54e3c1a5cfbae832fdf9fb1ad9ea85
SHA1: 7045ba6c0c6b3cfce880fbd0d9acdc123a228abb
SHA256: 7fbce6875886c119dcb7b2fd926823b327435cf5e5cc8bc971a0121b4f325807
SHA512: 08cb1ea15ae5ffc36cbaa8e16ab84ca5c2277872cc4b8624232d1f949d72f0b387b45eb62f12ff237c745fea7043ded6d11a26a81c4b7cc9255770d462e378f4