Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-06-2024 07:33

General

  • Target

    040ff18b515119bac92de538e18db109_JaffaCakes118.exe

  • Size

    7KB

  • MD5

    040ff18b515119bac92de538e18db109

  • SHA1

    f56b1876808d4a82fcb6561fce00c351d746461a

  • SHA256

    b5169b36f6067ef634dfa9bfe66c9ea0693480f0762a22c45720553315751479

  • SHA512

    fda5f6fca0d832866b27829ffe9ed7c0eaa4d7b1dbcce5adfb89eca1629f1d557d6bb69680c31a239bf750ac6e8fb640d3465180f64cf6fd3d00ad561a565251

  • SSDEEP

    192:4wND/1KGapJl038Lde3BfLL8x3TTjhvlEsdnSao/s:4Qz1rw1LdeBnOTjhNEmL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\040ff18b515119bac92de538e18db109_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\040ff18b515119bac92de538e18db109_JaffaCakes118.exe"
    1⤵
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\delt.bat" "
      2⤵
      • Deletes itself
      PID:2272

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\delt.bat

    Filesize

    329B

    MD5

    ed58dfd87e0e4f70542aa5984587465c

    SHA1

    0c2b8ebc4d9bfd4cc1e3f10987298bad6afa8dc2

    SHA256

    688349e3f296fd464a59c2edc16ec68ba1f8a14d8d50fef9cb155c2c7a2d43bd

    SHA512

    0a9c94ec5677b085d31bea2ea7cc801a22eb6fa0eb68f4869692f80b27b8c0b21be4be46f7e7e6b67498fb4a8f0d9d137c565b9bfc3e8faeb6b7d57235a778bf

  • memory/3028-9-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB