Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/06/2024, 15:25

General

  • Target

    168359cb107f0a683cc3b6cc9ad3bd33_JaffaCakes118.exe

  • Size

    329KB

  • MD5

    168359cb107f0a683cc3b6cc9ad3bd33

  • SHA1

    dfa76d77846020954a103cdd464035cd352c6b3e

  • SHA256

    c2825227ad839c4b4a5b881cb27c9fcae1cd321d07401b4bd067fe8e3d84b6da

  • SHA512

    01fbc932cb0113e56a0932f0f4311a7396b920bb757b7e0e214b81831233a086656bb6aec72639793f9af15509d9a105835667753344fb9edc836207b1ce3f0c

  • SSDEEP

    6144:qtEq7FUg/iyUXe2ZsD9eBVtQRlc12iVkIFzt9TLSDoC3FHvKHM6nfT:qaQFRiym920jcc1f9x9XS335vH0

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 33 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
    PID:1188
  • C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    1⤵
    PID:1276
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    PID:1336
    • C:\Users\Admin\AppData\Local\Temp\168359cb107f0a683cc3b6cc9ad3bd33_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\168359cb107f0a683cc3b6cc9ad3bd33_JaffaCakes118.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:1704
      • C:\Users\Admin\AppData\Roaming\Iquri\dybos.exe
        "C:\Users\Admin\AppData\Roaming\Iquri\dybos.exe"
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:3044
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpe33937c6.bat"
        3⤵
        • Deletes itself
        PID:2820
  • C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    1⤵
    PID:1872
  • C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    1⤵
    PID:2316
  • C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
    1⤵
    PID:2496

Network

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpe33937c6.bat
    Filesize: 271B
    MD5: 1fb599988ddabfb65bb925472bc0dcc2
    SHA1: f94fbc94fdb15af2ba0c6c85fc5e1b2dcd729b35
    SHA256: 415d011bd8bc59da061245f039e76fba154cb724d51f3092517a3c8e216397bf
    SHA512: 62fe11f867f98b117d9e81249d2c0c6bd2803c2251da042884cfd5745baf62c960a6013d9bc2a0f564bb6adcc4efca92c37cb360c1b0865ce765d04a24d9585a

  • \Users\Admin\AppData\Roaming\Iquri\dybos.exe
    Filesize: 329KB
    MD5: 0ed059b76309b57271367e1b28464147
    SHA1: 083c994cbae62d32a7d3c1343ddb464383e1ef71
    SHA256: fe7695d72f5b34c649de720fee7ff3b57855a01770b09b3823f1d2566418d78e
    SHA512: b3e9b4041588dbbe9f91634ee0a3d901b6a79827900f1f23272cd348842f11cd6259a2896f5f9a590fcf21bd82d27e1394c824ba717a2769571c811373aa9a9b

  • memory/1188-21-0x0000000001E70000-0x0000000001EB4000-memory.dmp (Filesize: 272KB)
  • memory/1188-22-0x0000000001E70000-0x0000000001EB4000-memory.dmp (Filesize: 272KB)
  • memory/1188-23-0x0000000001E70000-0x0000000001EB4000-memory.dmp (Filesize: 272KB)
  • memory/1188-19-0x0000000001E70000-0x0000000001EB4000-memory.dmp (Filesize: 272KB)
  • memory/1188-20-0x0000000001E70000-0x0000000001EB4000-memory.dmp (Filesize: 272KB)
  • memory/1276-26-0x00000000001B0000-0x00000000001F4000-memory.dmp (Filesize: 272KB)
  • memory/1276-28-0x00000000001B0000-0x00000000001F4000-memory.dmp (Filesize: 272KB)
  • memory/1276-30-0x00000000001B0000-0x00000000001F4000-memory.dmp (Filesize: 272KB)
  • memory/1276-32-0x00000000001B0000-0x00000000001F4000-memory.dmp (Filesize: 272KB)
  • memory/1336-39-0x0000000001DB0000-0x0000000001DF4000-memory.dmp (Filesize: 272KB)
  • memory/1336-38-0x0000000001DB0000-0x0000000001DF4000-memory.dmp (Filesize: 272KB)
  • memory/1336-36-0x0000000001DB0000-0x0000000001DF4000-memory.dmp (Filesize: 272KB)
  • memory/1336-37-0x0000000001DB0000-0x0000000001DF4000-memory.dmp (Filesize: 272KB)
  • memory/1704-62-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-67-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-56-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-53-0x0000000000860000-0x00000000008A4000-memory.dmp (Filesize: 272KB)
  • memory/1704-51-0x0000000000860000-0x00000000008A4000-memory.dmp (Filesize: 272KB)
  • memory/1704-49-0x0000000000860000-0x00000000008A4000-memory.dmp (Filesize: 272KB)
  • memory/1704-47-0x0000000000860000-0x00000000008A4000-memory.dmp (Filesize: 272KB)
  • memory/1704-1-0x00000000003A0000-0x00000000003F5000-memory.dmp (Filesize: 340KB)
  • memory/1704-163-0x0000000000400000-0x0000000000444000-memory.dmp (Filesize: 272KB)
  • memory/1704-162-0x00000000003A0000-0x00000000003F5000-memory.dmp (Filesize: 340KB)
  • memory/1704-58-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-60-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-69-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-77-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-65-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-64-0x0000000077CF0000-0x0000000077CF1000-memory.dmp (Filesize: 4KB)
  • memory/1704-0-0x0000000000280000-0x00000000002C4000-memory.dmp (Filesize: 272KB)
  • memory/1704-55-0x0000000000860000-0x00000000008A4000-memory.dmp (Filesize: 272KB)
  • memory/1704-139-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-81-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-79-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-5-0x0000000000400000-0x0000000000444000-memory.dmp (Filesize: 272KB)
  • memory/1704-3-0x0000000000400000-0x0000000000444000-memory.dmp (Filesize: 272KB)
  • memory/1704-4-0x0000000000400000-0x0000000000444000-memory.dmp (Filesize: 272KB)
  • memory/1704-2-0x0000000000400000-0x0000000000444000-memory.dmp (Filesize: 272KB)
  • memory/1704-71-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-75-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1704-73-0x00000000004A0000-0x00000000004A1000-memory.dmp (Filesize: 4KB)
  • memory/1872-41-0x0000000001BC0000-0x0000000001C04000-memory.dmp (Filesize: 272KB)
  • memory/1872-42-0x0000000001BC0000-0x0000000001C04000-memory.dmp (Filesize: 272KB)
  • memory/1872-43-0x0000000001BC0000-0x0000000001C04000-memory.dmp (Filesize: 272KB)
  • memory/1872-44-0x0000000001BC0000-0x0000000001C04000-memory.dmp (Filesize: 272KB)
  • memory/3044-18-0x0000000000400000-0x0000000000444000-memory.dmp (Filesize: 272KB)
  • memory/3044-17-0x00000000003A0000-0x00000000003F5000-memory.dmp (Filesize: 340KB)
  • memory/3044-15-0x0000000000400000-0x0000000000455000-memory.dmp (Filesize: 340KB)
  • memory/3044-285-0x0000000000400000-0x0000000000455000-memory.dmp (Filesize: 340KB)
  • memory/3044-287-0x0000000000400000-0x0000000000444000-memory.dmp (Filesize: 272KB)