Analysis

  • max time kernel
    142s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/06/2024, 13:51

General

  • Target

    163c533ac5d98827946d63c57bd9e408_JaffaCakes118.exe

  • Size

    10KB

  • MD5

    163c533ac5d98827946d63c57bd9e408

  • SHA1

    69d795a0ca4dc7c34314c44f3268bba608bf7f7b

  • SHA256

    4d3652fd89824157479660204648f005f8ea35f1aca2662c2e642cf5accf95d3

  • SHA512

    46f7119ffbba1369757e65b1356110b5ee1ffa5d28df662d5f7b9c7e970949c4582049fb76c6083f29cdda1abb2db229465311e2e68042ff3123fd0667cb1ceb

  • SSDEEP

    192:IT+rm4D1NMymRMAE9IxLdUXFKV1cHVGDhsa/kgUwur:IT+KsWFM39IxIkV6t

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\163c533ac5d98827946d63c57bd9e408_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\163c533ac5d98827946d63c57bd9e408_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\DeleteFileDos.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3852
      • C:\Windows\SysWOW64\attrib.exe
        attrib "C:\Users\Admin\AppData\Local\Temp\163c533ac5d98827946d63c57bd9e408_JaffaCakes118.exe" -r -a -s -h
        3⤵
        • Views/modifies file attributes
        PID:3484
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\DeleteFileDos.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:816
      • C:\Windows\SysWOW64\attrib.exe
        attrib "C:\Users\Admin\AppData\Local\Temp\163c533ac5d98827946d63c57bd9e408_JaffaCakes118.exe" -r -a -s -h
        3⤵
        • Views/modifies file attributes
        PID:4080
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3844 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3392

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\DeleteFileDos.bat

      Filesize

      332B

      MD5

      c548e16e22665e57cc0ab0d61ca9e59a

      SHA1

      c1cc25db4ff66b018f297a04f86adf2e146eb028

      SHA256

      38ec8cd7808c406662ccd3d011a0ba4a838e155b572620dbbe5ba9c6941f444c

      SHA512

      c82dc41d79aebc63c3acc52b0652e38edca039b137ebf0b557475cad187dd40174dd135a60238aafa5bfa5790f866bcad4f9ea30e351857ec5ad27dff3d22b97

    • C:\Windows\SysWOW64\riapri.dll

      Filesize

      15KB

      MD5

      4ae13fc187880d4265698e5b0b5603b8

      SHA1

      4362a23286dda62073b430b95100067a8c346f5d

      SHA256

      b47b11c9ce2d4e570024948781ddadee558e33578d3504f058b45c5b70c27c32

      SHA512

      b46457c65e164ab7923e6613295ff6077597c7d1a2db5fe3fae38eeb231561d8eb6c3046175656c560103361d4a4c6b8cc6b0475aec6d1a511ea5f01b1839191

    • memory/5076-0-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

    • memory/5076-15-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB