a2d1c5e464e39868d32b5918c9c44dc995e30e9896c7db4d3436111e2347607a

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b04647bd0718afd8c11cd417989dbbbd_JaffaCakes118.exe
Size

219KB
MD5

b04647bd0718afd8c11cd417989dbbbd
SHA1

e835ca4bf06ff1833a9384c52e0a476a8fc30597
SHA256

a2d1c5e464e39868d32b5918c9c44dc995e30e9896c7db4d3436111e2347607a
SHA512

2f34ba22dfeb6f24edbf9ac3ffd239e4220aa8b8456f7591ae6167f8466e30158dc3b399e481a4fee4750af0ee9b92aa36e29ec776f9a42c0126e6855256fe41
SSDEEP

6144:crOm88KNj9RAOdXemeyf5rUF1+IOT5920L:c6m2NRCO1eyhUX+IOa0L

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2728	Fresh Honesty.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum	b04647bd0718afd8c11cd417989dbbbd_JaffaCakes118.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	b04647bd0718afd8c11cd417989dbbbd_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\GetInShape.job	b04647bd0718afd8c11cd417989dbbbd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b04647bd0718afd8c11cd417989dbbbd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b04647bd0718afd8c11cd417989dbbbd_JaffaCakes118.exe"
1⤵
- Maps connected drives based on registry
- Drops file in Windows directory
PID:2416

C:\Users\Admin\AppData\Roaming\Fresh Honesty\Fresh Honesty.exe
"C:\Users\Admin\AppData\Roaming\Fresh Honesty\Fresh Honesty.exe"
1⤵
- Executes dropped EXE
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Fresh Honesty\Fresh Honesty.exe

Filesize
64KB

MD5
26834701ff0af5260c16ab30bbc957bd

SHA1
75def59b3141e71e92acd1c016f1db0cb000a28a

SHA256
e54de938b03584171ff6071cdf90aaa547f1a6f1a91f48428971b0f9f1546293

SHA512
0fb069d389e267649c875c5b5594f49afc39aaa2312e8b90650a2b1c5812104fb1e12bc82b94a85d64daed552981b5d7c510daed7aa36b823d61c7d677be393a

Download Submit
memory/2416-0-0x0000000000130000-0x0000000000162000-memory.dmp

Filesize
200KB

Download
memory/2416-1-0x0000000000170000-0x000000000019F000-memory.dmp

Filesize
188KB

Download
memory/2416-5-0x0000000000130000-0x0000000000162000-memory.dmp

Filesize
200KB

Download
memory/2416-17-0x0000000000130000-0x0000000000162000-memory.dmp

Filesize
200KB

Download
memory/2416-13-0x0000000002A50000-0x0000000002A77000-memory.dmp

Filesize
156KB

Download
memory/2416-21-0x0000000000130000-0x0000000000162000-memory.dmp

Filesize
200KB

Download
memory/2416-24-0x0000000000130000-0x0000000000162000-memory.dmp

Filesize
200KB

Download