05e5473e10797f096366a96c26388734692c2463682381ed6faed016f017a272

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae901f0dd81e1ca92cb8958347a39602_JaffaCakes118.exe
Size

257KB
MD5

ae901f0dd81e1ca92cb8958347a39602
SHA1

5f140c1acd034b289f3b1ad372e666be0871cd08
SHA256

05e5473e10797f096366a96c26388734692c2463682381ed6faed016f017a272
SHA512

4bb41bc201dfa357a1ba3fd3c545885b7193f0f8ee95cc27b15bc2a971922526249ffce3bb15fa57669e8ed12a042ef4ab8e0303e1e45dbfc1e2472646efea4c
SSDEEP

6144:luon0sAuu6ijxfibTzTD5DB4UrZCelY8gqCn:lwsK6bDDtHrw58gqCn

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2612	Religious Gratitude.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum	ae901f0dd81e1ca92cb8958347a39602_JaffaCakes118.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	ae901f0dd81e1ca92cb8958347a39602_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\MusicMaster.job	ae901f0dd81e1ca92cb8958347a39602_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ae901f0dd81e1ca92cb8958347a39602_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ae901f0dd81e1ca92cb8958347a39602_JaffaCakes118.exe"
1⤵
- Maps connected drives based on registry
- Drops file in Windows directory
PID:2536

C:\Users\Admin\AppData\Roaming\Religious Gratitude\Religious Gratitude.exe
"C:\Users\Admin\AppData\Roaming\Religious Gratitude\Religious Gratitude.exe"
1⤵
- Executes dropped EXE
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Religious Gratitude\Religious Gratitude.exe

Filesize
64KB

MD5
347191892a8ba640b6b7918d32f5de29

SHA1
a9196a7034837814ecee4d91cb68e7eedc860853

SHA256
b59323ff9dfc5c99e870e105c379e94c485a72424b8bec03a6dffe0dc6279011

SHA512
6fb759d6a5e4821663a27fb29f83d679fb9408788f0060d47b8a74c998c457f8d5762ab3122fccbf6256cf9e03ef9f613d3be3e2bb9bafaeb96de2f44e1eafca

Download Submit
memory/2536-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2536-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/2536-2-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2536-3-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2536-4-0x0000000000110000-0x0000000000139000-memory.dmp

Filesize
164KB

Download
memory/2536-5-0x0000000000160000-0x000000000018F000-memory.dmp

Filesize
188KB

Download
memory/2536-9-0x0000000000110000-0x0000000000139000-memory.dmp

Filesize
164KB

Download
memory/2536-16-0x0000000000110000-0x0000000000139000-memory.dmp

Filesize
164KB

Download
memory/2536-12-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/2536-26-0x0000000000110000-0x0000000000139000-memory.dmp

Filesize
164KB

Download