Malware Analysis Report

2024-10-10 12:07

Sample ID 240613-qddd4szeng
Target a5b2d140f899092e456b127681ffb1ca_JaffaCakes118
SHA256 10a9b395f1007751129b98a364e41097b4759865c17baa70d7cd1a8645967011
Tags
discovery
score
7/10

Analysis Overview

score
7/10

SHA256

10a9b395f1007751129b98a364e41097b4759865c17baa70d7cd1a8645967011

Threat Level: Shows suspicious behavior

The file a5b2d140f899092e456b127681ffb1ca_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped DLL

Checks installed software on the system

Maps connected drives based on registry

Unsigned PE

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:08

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:08

Reported

2024-06-13 13:10

Platform

win7-20240508-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe"

Signatures

Checks installed software on the system

discovery

Maps connected drives based on registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A
Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | r1.getapplicationmy.info | udp
US | 8.8.8.8:53 | c1.getapplicationmy.info | udp
US | 8.8.8.8:53 | r2.getapplicationmy.info | udp
US | 8.8.8.8:53 | c2.getapplicationmy.info | udp
US | 8.8.8.8:53 | c1.getapplicationmy.info | udp
US | 8.8.8.8:53 | c2.getapplicationmy.info | udp
US | 8.8.8.8:53 | c1.getapplicationmy.info | udp
US | 8.8.8.8:53 | c2.getapplicationmy.info | udp

Files

\Users\Admin\AppData\Local\Temp\Tsu3489592C.dll

MD5 af7ce801c8471c5cd19b366333c153c4
SHA1 4267749d020a362edbd25434ad65f98b073581f1
SHA256 cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e
SHA512 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

\Users\Admin\AppData\Local\Temp\{00AC47AC-EB31-4F21-ADCA-A313DB4F655A}\_Setup.dll

MD5 e991f79040937530c20ae0db2f74e4db
SHA1 6be9fe304687ac1c9ae4feae500eb7f683c27e86
SHA256 ade2b71ba0f45678470346f25803d1822ab7cf072b122b91f0a8feead799c87e
SHA512 fd069a1658006a4f0ada522bfe93a9a30f3ff058b54803556c8e6d0b3d1d3944072e2c2a5d0c5342986fc8af955abec3d974bea0a944e69e2c3e682954283790

\Users\Admin\AppData\Local\Temp\{00AC47AC-EB31-4F21-ADCA-A313DB4F655A}\Custom.dll

MD5 0842e2723fff1f80955c9dbd38019c75
SHA1 bea88c3fe74817b048951bd218e70d9dead617d9
SHA256 d71cea96d49b48f8702337d01681b2f144aca8acb56a699b9599106c11cc7458
SHA512 28acff8e01224291aa67f57b2d514db84a79fc2cf7ed28ed2e2cecbdf070fb3b1cf52e295a9412641422338f78d86fc6ea21d835a8de21565a8f53d24c604b02

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:08

Reported

2024-06-13 13:11

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

58s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe"

Signatures

Checks installed software on the system

discovery

Maps connected drives based on registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A
Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | c1.getapplicationmy.info | udp
US | 8.8.8.8:53 | r1.getapplicationmy.info | udp
US | 8.8.8.8:53 | c2.getapplicationmy.info | udp
US | 8.8.8.8:53 | r2.getapplicationmy.info | udp
US | 8.8.8.8:53 | c1.getapplicationmy.info | udp

Files

C:\Users\Admin\AppData\Local\Temp\Tsu391C6757.dll

MD5 af7ce801c8471c5cd19b366333c153c4
SHA1 4267749d020a362edbd25434ad65f98b073581f1
SHA256 cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e
SHA512 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

C:\Users\Admin\AppData\Local\Temp\{B72D7F36-83CB-4D3E-AFD5-CBE96CCE5DC0}\_Setup.dll

MD5 e991f79040937530c20ae0db2f74e4db
SHA1 6be9fe304687ac1c9ae4feae500eb7f683c27e86
SHA256 ade2b71ba0f45678470346f25803d1822ab7cf072b122b91f0a8feead799c87e
SHA512 fd069a1658006a4f0ada522bfe93a9a30f3ff058b54803556c8e6d0b3d1d3944072e2c2a5d0c5342986fc8af955abec3d974bea0a944e69e2c3e682954283790

C:\Users\Admin\AppData\Local\Temp\{B72D7F36-83CB-4D3E-AFD5-CBE96CCE5DC0}\Custom.dll

MD5 0842e2723fff1f80955c9dbd38019c75
SHA1 bea88c3fe74817b048951bd218e70d9dead617d9
SHA256 d71cea96d49b48f8702337d01681b2f144aca8acb56a699b9599106c11cc7458
SHA512 28acff8e01224291aa67f57b2d514db84a79fc2cf7ed28ed2e2cecbdf070fb3b1cf52e295a9412641422338f78d86fc6ea21d835a8de21565a8f53d24c604b02