Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
15/06/2024, 06:03
Static task
static1
Behavioral task
behavioral1
Sample
ad1924e56201e5f0fced922e3b7fc496_JaffaCakes118.msi
Resource
win7-20240508-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
ad1924e56201e5f0fced922e3b7fc496_JaffaCakes118.msi
Resource
win10v2004-20240508-en
windows10-2004-x64
5 signatures
150 seconds
General
-
Target
ad1924e56201e5f0fced922e3b7fc496_JaffaCakes118.msi
-
Size
3.3MB
-
MD5
ad1924e56201e5f0fced922e3b7fc496
-
SHA1
5dfee6640e1e05979850060d72853fc5738e18a0
-
SHA256
dd255f9880d43a7cd8f5b5ccf7363b3b769ff13d7dc56f070f48f66ba675f3b7
-
SHA512
6c3c2f41fe5ac6d2066ba1df7eb99675b518e94fa8c643cf6dc48557210a0c3da3e5ef098edf85c7fcbca7163d1cc60eb07bbe43b4fc0488b11038e204fd4b0d
-
SSDEEP
98304:OdzrJBMmQV9RCw2Jn9ltk3AB4Ta6o/bn:CPFZlu2N1/
Score
6/10
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\R: msiexec.exe -
Loads dropped DLL 2 IoCs
pid Process 2360 MsiExec.exe 2360 MsiExec.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2232 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2232 msiexec.exe Token: SeIncreaseQuotaPrivilege 2232 msiexec.exe Token: SeRestorePrivilege 2592 msiexec.exe Token: SeTakeOwnershipPrivilege 2592 msiexec.exe Token: SeSecurityPrivilege 2592 msiexec.exe Token: SeCreateTokenPrivilege 2232 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 2232 msiexec.exe Token: SeLockMemoryPrivilege 2232 msiexec.exe Token: SeIncreaseQuotaPrivilege 2232 msiexec.exe Token: SeMachineAccountPrivilege 2232 msiexec.exe Token: SeTcbPrivilege 2232 msiexec.exe Token: SeSecurityPrivilege 2232 msiexec.exe Token: SeTakeOwnershipPrivilege 2232 msiexec.exe Token: SeLoadDriverPrivilege 2232 msiexec.exe Token: SeSystemProfilePrivilege 2232 msiexec.exe Token: SeSystemtimePrivilege 2232 msiexec.exe Token: SeProfSingleProcessPrivilege 2232 msiexec.exe Token: SeIncBasePriorityPrivilege 2232 msiexec.exe Token: SeCreatePagefilePrivilege 2232 msiexec.exe Token: SeCreatePermanentPrivilege 2232 msiexec.exe Token: SeBackupPrivilege 2232 msiexec.exe Token: SeRestorePrivilege 2232 msiexec.exe Token: SeShutdownPrivilege 2232 msiexec.exe Token: SeDebugPrivilege 2232 msiexec.exe Token: SeAuditPrivilege 2232 msiexec.exe Token: SeSystemEnvironmentPrivilege 2232 msiexec.exe Token: SeChangeNotifyPrivilege 2232 msiexec.exe Token: SeRemoteShutdownPrivilege 2232 msiexec.exe Token: SeUndockPrivilege 2232 msiexec.exe Token: SeSyncAgentPrivilege 2232 msiexec.exe Token: SeEnableDelegationPrivilege 2232 msiexec.exe Token: SeManageVolumePrivilege 2232 msiexec.exe Token: SeImpersonatePrivilege 2232 msiexec.exe Token: SeCreateGlobalPrivilege 2232 msiexec.exe Token: SeCreateTokenPrivilege 2232 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 2232 msiexec.exe Token: SeLockMemoryPrivilege 2232 msiexec.exe Token: SeIncreaseQuotaPrivilege 2232 msiexec.exe Token: SeMachineAccountPrivilege 2232 msiexec.exe Token: SeTcbPrivilege 2232 msiexec.exe Token: SeSecurityPrivilege 2232 msiexec.exe Token: SeTakeOwnershipPrivilege 2232 msiexec.exe Token: SeLoadDriverPrivilege 2232 msiexec.exe Token: SeSystemProfilePrivilege 2232 msiexec.exe Token: SeSystemtimePrivilege 2232 msiexec.exe Token: SeProfSingleProcessPrivilege 2232 msiexec.exe Token: SeIncBasePriorityPrivilege 2232 msiexec.exe Token: SeCreatePagefilePrivilege 2232 msiexec.exe Token: SeCreatePermanentPrivilege 2232 msiexec.exe Token: SeBackupPrivilege 2232 msiexec.exe Token: SeRestorePrivilege 2232 msiexec.exe Token: SeShutdownPrivilege 2232 msiexec.exe Token: SeDebugPrivilege 2232 msiexec.exe Token: SeAuditPrivilege 2232 msiexec.exe Token: SeSystemEnvironmentPrivilege 2232 msiexec.exe Token: SeChangeNotifyPrivilege 2232 msiexec.exe Token: SeRemoteShutdownPrivilege 2232 msiexec.exe Token: SeUndockPrivilege 2232 msiexec.exe Token: SeSyncAgentPrivilege 2232 msiexec.exe Token: SeEnableDelegationPrivilege 2232 msiexec.exe Token: SeManageVolumePrivilege 2232 msiexec.exe Token: SeImpersonatePrivilege 2232 msiexec.exe Token: SeCreateGlobalPrivilege 2232 msiexec.exe Token: SeCreateTokenPrivilege 2232 msiexec.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2232 msiexec.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2592 wrote to memory of 2360 2592 msiexec.exe 29 PID 2592 wrote to memory of 2360 2592 msiexec.exe 29 PID 2592 wrote to memory of 2360 2592 msiexec.exe 29 PID 2592 wrote to memory of 2360 2592 msiexec.exe 29 PID 2592 wrote to memory of 2360 2592 msiexec.exe 29 PID 2592 wrote to memory of 2360 2592 msiexec.exe 29 PID 2592 wrote to memory of 2360 2592 msiexec.exe 29
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ad1924e56201e5f0fced922e3b7fc496_JaffaCakes118.msi1⤵
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2232
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2592 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 33A0ADDCC05249C10E29270F51A8CF43 C2⤵
- Loads dropped DLL
PID:2360
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
325KB
MD5f048cf239cc583f8433634acf23cae55
SHA17d3a296a05267855cc637c5bf95fe687b7a765a2
SHA2564d6efad25f62f4c34998385819e46569869b09de4d8b3f1e22dc9e8f032ed3bb
SHA512a021d559150338ef823b8749d95ac262ec13d9c9ed80d2d0d67e0d7690ae61713219a5edf88d83832ad673f0d7a1d306b49af4f07020c98bac2cfb006bcf0c53