Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-06-2024 11:57

General

  • Target

    02056ed212e69f8fe4322037bac8e7aa_JaffaCakes118.exe

  • Size

    204KB

  • MD5

    02056ed212e69f8fe4322037bac8e7aa

  • SHA1

    d695dac5b5676d571e151958f6fdca6f4623f850

  • SHA256

    4e301402587dfe4e37dbd92f7f10c7c05eb9223daaff983ad51fc639e06f82d7

  • SHA512

    e43e5e244dfac140a44accc7316a75d271b24d1596371eade1ccc6ec44c2757849b6b43fa5275c580a418910fb002e100fe9bd72d690426520b42644dd5ad5cb

  • SSDEEP

    3072:FuCGl07/N+du2jJkSwxdh/UvuqTsiXIGsDVP5sTsKMsrnQHJmTS9P:JGl07M0xP/UvuqTdslBKx2a

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 6 IoCs
  • Modifies registry class 60 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02056ed212e69f8fe4322037bac8e7aa_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\02056ed212e69f8fe4322037bac8e7aa_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\18AF.bat
      2⤵
        PID:292

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Program Files (x86)\altcmd\altcmd32.dll

      Filesize

      180KB

      MD5

      cde348b07c9137fa05ba756a91bf9981

      SHA1

      8955298c0ca7f6ca9681c84953b63920740ead69

      SHA256

      13cac9992d926a85116e11a135107836d6698a3f851cdcd979262d7d2d6e4830

      SHA512

      10a74a330cfd6dbe3785cdcb37a897b705655fd5eaa63ea38f4d84930f8e169157220868f52eb9e0418e2c52637cf646d0464de53c30be6143dd2820da25b10b

    • C:\Users\Admin\AppData\Local\Temp\18AF.bat

      Filesize

      259B

      MD5

      e2a5752ddfd5bcb099f586d1d980ce0c

      SHA1

      ef28ce8318c8de917b105de38dd48d4b90021c52

      SHA256

      5d376f1cf12848603f78d915d264565980a7295daef22f1aacec9817b9f08b89

      SHA512

      ac2bf56ece9286485081730b1b9147d9b21a04d8e59550fa86a39d861781de2bef0d308aabd0aa357352983e797350bd3859f76f458c3bbd22635450f0d89f77

    • memory/1196-17-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB