Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 02:27

General

  • Target

    a3886dbfde20c880148a39e8ef2e8fd6_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    a3886dbfde20c880148a39e8ef2e8fd6

  • SHA1

    8a76bd9e0bfbf4b9d22c108a591be2708916347b

  • SHA256

    80ed75a5132447c1be1c6f4c30ebc8e069294d7f6e62e3fcaf8802b8bbe23907

  • SHA512

    b3a67b0563ad621b43eb29dc67165bf32bb0c34994733a6bfc9df0334bbe1b9377ad1e6bfcf406a784662a223c00ba8aa3c7bed2557d8b8c667cd86272e1d03c

  • SSDEEP

    24576:NmUNJyJqb1FcMap2ATT5PmUNJyJqb1FcMap2ATT5PmUNJyJqb1FcMap2ATT58:NmV2ApPmV2ApPmV2Ap8

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3886dbfde20c880148a39e8ef2e8fd6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a3886dbfde20c880148a39e8ef2e8fd6_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies WinLogon
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      PID:2348

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\8B2C.tmp

    Filesize

    481B

    MD5

    6a6b1d832f40cd6cafe377e69619de79

    SHA1

    de4c9d0760f6e0ce15f54e86ec77d1e9d81b48ad

    SHA256

    1a1a8fbf5ceedc3211652fcd9227349beb9d8970c548e54f7b4c6075238da010

    SHA512

    30d070f1ebe8529ba211910b92fe3b9584b2eee9617df07dd6f71012aa87a5b3212e2e95f3955653015720f4911dea6c0d2852e385a2a43f01eb7fe5d7f87277

  • C:\Users\Admin\AppData\Local\Temp\Tar9A01.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Windows\AppPatch\svchost.exe

    Filesize

    1.0MB

    MD5

    e50a34fd92e3580b0a5ad56dfda3e94e

    SHA1

    5ec869b1749df4923c390ceecc20960505222ea4

    SHA256

    4e3d937d00ac6e304fb1957fad41632aba71f2f445d4fe805efdb56bb6a199a9

    SHA512

    559322b28f6613fc382ab413327775ff8d0ec94c0b2d3a4c801da734e414275d6ea84c1410a66a3df9399399ca462bff1fea678c2e819343e35afff2807d686b

  • memory/1972-12-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

  • memory/2348-14-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/2348-20-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/2348-24-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/2348-22-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/2348-18-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/2348-16-0x0000000000460000-0x0000000000508000-memory.dmp

    Filesize

    672KB

  • memory/2348-25-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-27-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-29-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-42-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-75-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-77-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-76-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-74-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-72-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-71-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-70-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-69-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-68-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-67-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-66-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-65-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-64-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-63-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-62-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-60-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-59-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-58-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-57-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-56-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-55-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-54-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-53-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-52-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-51-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-49-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-48-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-47-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-46-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-45-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-44-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-43-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-73-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-41-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-40-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-39-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-38-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-37-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-61-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-36-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-35-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-50-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-34-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-33-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-32-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB

  • memory/2348-31-0x0000000002390000-0x0000000002446000-memory.dmp

    Filesize

    728KB