Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-06-2024 03:21

General

  • Target

    108e9934b04e62f29361fa23c57023a2_JaffaCakes118.exe

  • Size

    240KB

  • MD5

    108e9934b04e62f29361fa23c57023a2

  • SHA1

    63b3ec1d09687a1051403e92f0f146e06e8eb7d5

  • SHA256

    8e7e171f1f84d83de0e174bca33baf72289a7d90645d2079c26238e0dbbf18f7

  • SHA512

    521be4c56a2a0fbde1cc87796bf267f9638fd2f7ef33caad482d1ae1a7a458f9c57e10ed7fe3632f18439c613701376da28fa2e27296107cdc7d0d96256461f9

  • SSDEEP

    6144:lhKKXGaHs5jiGVKkblgCEjocdK4kU5qhxdo:lhq8slTVKslgUqK41wDdo

Score
7/10

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 10 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1064
      • C:\Users\Admin\AppData\Local\Temp\108e9934b04e62f29361fa23c57023a2_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\108e9934b04e62f29361fa23c57023a2_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1932
        • C:\Users\Admin\AppData\Local\Temp\108e9934b04e62f29361fa23c57023a2_JaffaCakes118mgr.exe
          C:\Users\Admin\AppData\Local\Temp\108e9934b04e62f29361fa23c57023a2_JaffaCakes118mgr.exe
          3⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:1996
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 100
            4⤵
            • Loads dropped DLL
            • Program crash
            PID:2084

Network

MITRE ATT&CK Enterprise v15

Downloads

    • \Users\Admin\AppData\Local\Temp\108e9934b04e62f29361fa23c57023a2_JaffaCakes118mgr.exe

      Filesize

      60KB

      MD5

      94f2f6ffbba8e7644668b51b39983916

      SHA1

      63357bbdf90101969117983dbc0d4ed0e713c4d7

      SHA256

      ede7603855cb37082c241c720a6650988c684eb3bcb263e5dd7b457458940fed

      SHA512

      d04430ceac70c6fa71d07d9ee82ac2bb5e6c0641d5c9e7e5a3ed39d342e8b198f367676516a55f0653e0b88635a027b9ad220e223145b8be8df281bb6faf7156

    • \Windows\SysWOW64\mgking0.dll

      Filesize

      114KB

      MD5

      21c8f7083a59c407226363950804c4f8

      SHA1

      8a6b1d0942afa365ab4b7cd0e82c13bd9cae2524

      SHA256

      015fc0b2cdaf8c7f2fd3b0ee1a0e03e1c4589ef21c1781a60a8ce90a8e16bde5

      SHA512

      eb7253e85f77cc45c02bfbab25cd0324cc4b59d484bf8807561f69edfc69713330299308aace3ba3671b34bc9c852d42344d5f5c64181184f2f71bd7ced782f8

    • memory/1064-21-0x00000000024E0000-0x00000000024E1000-memory.dmp

      Filesize

      4KB

    • memory/1932-1-0x0000000000400000-0x000000000049E000-memory.dmp

      Filesize

      632KB

    • memory/1932-19-0x0000000000401000-0x0000000000402000-memory.dmp

      Filesize

      4KB

    • memory/1932-24-0x0000000010000000-0x0000000010084000-memory.dmp

      Filesize

      528KB

    • memory/1932-25-0x0000000000400000-0x000000000049E000-memory.dmp

      Filesize

      632KB

    • memory/1932-27-0x0000000010000000-0x0000000010084000-memory.dmp

      Filesize

      528KB