Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/06/2024, 18:56

General

  • Target

    08daebb258b52bc2064d3b6754dfd398_JaffaCakes118.exe

  • Size

    157KB

  • MD5

    08daebb258b52bc2064d3b6754dfd398

  • SHA1

    5c40e587532933daa8a894f157cc006f7c7ea867

  • SHA256

    6149a753933447ae52529095b36099f3f2aff72ce1bc9b6c50e1f3cde6ab6b18

  • SHA512

    8e74b2656579ce69e42f80b5ba635466a7799a55049ca4fb71b8a808c0772dd86edb70ee6a96cf4286dff73931240b2981dca758818719ec707e9f19450976d3

  • SSDEEP

    3072:ncVsQwwVKbG3H5zdGuXhSuxHV6t59prI2ZdBpmJN/4Px28D86p9:norTh3HNdGu4uhKTprfBpmJS/p9

Score
10/10

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer (2 TTPs, 1 IoC)
  • Modifies visibility of hidden/system files in Explorer (2 TTPs, 1 IoC)
  • Enumerates connected drives (3 TTPs, 21 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file (1 TTP, 3 IoCs)

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\08daebb258b52bc2064d3b6754dfd398_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\08daebb258b52bc2064d3b6754dfd398_JaffaCakes118.exe"
    • Modifies visibility of file extensions in Explorer
    • Modifies visibility of hidden/system files in Explorer
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:2908

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\autorun.inf

    Filesize

    126B

    MD5

    163e20cbccefcdd42f46e43a94173c46

    SHA1

    4c7b5048e8608e2a75799e00ecf1bbb4773279ae

    SHA256

    7780bee9df142a17e0457f3dcb2788b50fc2792370089335597d33719126fb7e

    SHA512

    e5ac0ff6b087857799ab70f68067c9dc73eeb93ccfcad87047052380b95ade3e6eb2a7d01a0f850d548a39f4b1ebb60e299d603dbe25c31b9a3585b34a0c65a8

  • C:\zPharaoh.exe

    Filesize

    157KB

    MD5

    e70b1d3901004d763a38d233aa5794ef

    SHA1

    193614ed35de5875f16f285272a80029bbcd6416

    SHA256

    392f724f7afdf66132d9c482a2276272e55d81a7dc543a8750afbccaae8a6e6c

    SHA512

    e10ae0cfd99022a03d9b68f7e467bc1f22c0522599717daf218d55c89a2064902322c6bb1670fcdc91d5233c93fa03cc10b6ffe23b07ef58fd8bc393f5223586

  • memory/2908-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/2908-29-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB