Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    13-06-2024 02:40

General

  • Target

    a39084f6914df376a522019e89028713_JaffaCakes118.exe

  • Size

    355KB

  • MD5

    a39084f6914df376a522019e89028713

  • SHA1

    4391986d2241cab28241d335cd6cac890d4c45cb

  • SHA256

    ccb22c4efc01a9fd7d18e544628da418685c943732f659cba88eeeceed27b349

  • SHA512

    f62705e6a9d2b1fd404dc43b0421846425093de2cab5bce86150c50fcacfe6178d42011c99394b6ab08070b4001e4a9b1f81ebaa1b23ee866698222e8cbe48c5

  • SSDEEP

    6144:k3EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9EiS:vmWhND9yJz+b1FcMLmp2ATTSsdS

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a39084f6914df376a522019e89028713_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a39084f6914df376a522019e89028713_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies WinLogon
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1244
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      PID:1936

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    34b9aa547174dd8ecc01d16ce76760c8

    SHA1

    e4b06ee38ebc1e5ae93aa58bb5a7db4a1e21e192

    SHA256

    b3d49669e4bc500e382eddef86dbe778776f64679502bdae4fe9e59a384a14c8

    SHA512

    54af03e9e53eb96b0644c1f5f308a11de12fb69af3b069e7240fb735082b7b0fde444486d25e2d3f0c061f73f882e24b160bbdaee0d582a8b1e636738cfc1772

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dd3e57f6c4b4df1cf6f0919250c8ae4f

    SHA1

    3e959ab89869e8519d82be5bd19f97b65bddb4ba

    SHA256

    d864df46dc3f1b0c0ca51787ce18147e4027209b79b4b9b176cb4c9288e9c677

    SHA512

    179130a1c0b60c38ef5dcf723eec4a3606dbd849f37cf4955d788c7345a3a2c7fae5d4bebfbd2570e1403f14ce2acf7d1e9f07c6c49e83955dd877add36c5309

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    4d563486335fdc5574a4d83b296689ea

    SHA1

    75b04accf31308a60a691b1c420bc8cde6ee245a

    SHA256

    45b1f251367a4e2fda89914899a44fa9bd19c187e7f04a417814c1b48677a5c4

    SHA512

    dc1cd59cff49a150bc674129ddd279a6ab5afde4e914abb6a75c52364a6d732621fd35eae31541b71dd4ac663fb13143d7cfbf80fdee0379fcfb4c314b9304b2

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\login[2].htm

    Filesize

    168B

    MD5

    d57e3a550060f85d44a175139ea23021

    SHA1

    2c5cb3428a322c9709a34d04dd86fe7628f8f0a6

    SHA256

    43edf068d34276e8ade4113d4d7207de19fc98a2ae1c07298e593edae2a8774c

    SHA512

    0364fe6a010fce7a3f4a6344c84468c64b20fd131f3160fc649db78f1075ba52d8a1c4496e50dbe27c357e01ee52e94cdcda8f7927cba28d5f2f45b9da690063

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\login[3].htm

    Filesize

    593B

    MD5

    3b03d93d3487806337b5c6443ce7a62d

    SHA1

    93a7a790bb6348606cbdaf5daeaaf4ea8cf731d0

    SHA256

    7392749832c70fcfc2d440d7afc2f880000dd564930d95d634eb1199fa15de30

    SHA512

    770977beaeedafc5c98d0c32edc8c6c850f05e9f363bc9997fa73991646b02e5d40ceed0017b06caeab0db86423844bc4b0a9f0df2d8239230e423a7bfbd4a88

  • C:\Users\Admin\AppData\Local\Temp\27A8.tmp

    Filesize

    481B

    MD5

    12f50053664cdd3cc8020b078b403904

    SHA1

    e39f540b8d4606f987ba719fe1eb25411521d2a3

    SHA256

    6daa7fe705913b1b35f696da59a96df1a4e979eb5730006b1a41ee095d5f1c23

    SHA512

    84da0be496e99e297a323df6552dd46c377335cb5b00c49fecee52ceef8795ecde9e3a9f2b3998ca753dc112c7c6d8bd286f67ef8563e968b674e97d06ce890b

  • C:\Users\Admin\AppData\Local\Temp\4B38.tmp

    Filesize

    23KB

    MD5

    d6d66e6f7f6f3d5cc40393f85b729a12

    SHA1

    4b108d295b84c4736f9bf7b7a90030128843e787

    SHA256

    5c0ed9d97aa87b31e6f9d811c88c0fa4c1964dfb3ce5b44c579db596cc6e518a

    SHA512

    286567bd1273f86ba3aac853b3c1a05bb0d4f9d3e8514324c97138d32cc74dbdcdf729c70bc61c7ed722bb6e5ccb79091771ea838849f0b97bdfc34622b50171

  • C:\Users\Admin\AppData\Local\Temp\4B3B.tmp

    Filesize

    481B

    MD5

    ea3baf7875469fa626bf2a54100bd3d7

    SHA1

    ff476f57dfd56ca3d68797d4ea804bb222d7bf92

    SHA256

    f25a6f6acbf6e0e6a5c3892c988f7c45c636c6419092dec879ae7f379cc5e049

    SHA512

    43cb1c0d11ceed73e908715fd5cc8f01a30d9c090918911195dc47d22c5cf6f810ad287d16da0d028195a9bb410c630eaa52d4954fa085f4e2ea7ec03a388aec

  • C:\Users\Admin\AppData\Local\Temp\4B8F.tmp

    Filesize

    42KB

    MD5

    290127cd26e5771fe036568295e5efcf

    SHA1

    c9cd2babe3aa967b4127d38544487921c1ce3ac1

    SHA256

    75cf0a3556d86a9ccaa61abb49373f3127dc8a08ef443fa307d08745dd72ae6a

    SHA512

    17dbb63a78f338a6ec403a7fb6661b8dafb745901f654243e229dc463c21ef966e3632c0082747b5a9d11170961986bc770a04b876e86daaf3dfd2a7ce4c0d8c

  • C:\Users\Admin\AppData\Local\Temp\8792.tmp

    Filesize

    593B

    MD5

    926512864979bc27cf187f1de3f57aff

    SHA1

    acdeb9d6187932613c7fa08eaf28f0cd8116f4b5

    SHA256

    b3e893a653ec06c05ee90f2f6e98cc052a92f6616d7cca8c416420e178dcc73f

    SHA512

    f6f9fd3ca9305bec879cfcd38e64111a18e65e30d25c49e9f2cd546cbab9b2dcd03eca81952f6b77c0eaab20192ef7bef0d8d434f6f371811929e75f8620633b

  • C:\Users\Admin\AppData\Local\Temp\88CE.tmp

    Filesize

    457B

    MD5

    531ec87a0b2f9477a52d88b111d0d46a

    SHA1

    50a72e5752075309f91c062e0282a7e7cd1e751e

    SHA256

    4875b451859b1eb8d0d3b040b1bb8d654d212edb6d9c721cf0f4372129579385

    SHA512

    07994963fd76b31ef0ba2c7f418dcb3ee0290f6baca2d8ec63a6e6b861557b13fbc20d2f0a10a66f35c4d72d4d2c1920ac88b96174604f2f8856868912327da1

  • C:\Users\Admin\AppData\Local\Temp\Cab3A27.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar3A39.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • C:\Users\Admin\AppData\Local\Temp\Tar3B48.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Windows\AppPatch\svchost.exe

    Filesize

    355KB

    MD5

    aafd74693a3d9d5c7cc23d0883409e0b

    SHA1

    8d28031d642f36ea93379ae30a0f8c855ab680b7

    SHA256

    c052822fd31a804910534d180c7bc15ee9018ed450c707d0067a93166a19b89a

    SHA512

    2a44d5b21e2794e3315c7e6777d5f2ca7b5b254878654d7e77715a8a9d94f28a722974023efe886058e1296482b1f53eb52b9c904e6e7a557acfe5171a75a4ce

  • memory/1244-12-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

  • memory/1936-57-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-47-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-78-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-77-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-76-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-75-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-74-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-73-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-72-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-70-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-69-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-68-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-67-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-65-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-64-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-63-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-62-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-60-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-59-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-58-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-38-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-56-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-55-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-54-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-53-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-52-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-50-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-49-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-48-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-66-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-46-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-45-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-44-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-43-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-41-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-40-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-39-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-71-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-37-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-61-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-35-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-51-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-36-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-27-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-33-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-42-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-34-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-32-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-452-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-30-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-29-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-25-0x0000000002360000-0x0000000002416000-memory.dmp

    Filesize

    728KB

  • memory/1936-16-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/1936-18-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/1936-20-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/1936-24-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/1936-22-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/1936-14-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB