1bac255f5a7fdbbe4a6a097a077fe9f4a21b42bf81aada24be6c897133a67ed4

Analysis

max time kernel
125s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1686717a6ae7c56f2989b22d4fe9d19d_JaffaCakes118.exe
Size

1.6MB
MD5

1686717a6ae7c56f2989b22d4fe9d19d
SHA1

978a58e01f21240ceaa0e1f56e236ed7a2ec478f
SHA256

1bac255f5a7fdbbe4a6a097a077fe9f4a21b42bf81aada24be6c897133a67ed4
SHA512

d490a954e42e90a05d66346365abd1731aa8ee37b17a29e451477270d45043355f4211f42dafad9ad943eea095996403d4bfce9d642f14bab8f5cca68fc829bc
SSDEEP

24576:iZwHQy5Sk2DF3tm7s7PrRoNk7BZph2ROf1IegqutJQ5FeQzcuC4r6HQ:b92nSSPrRokph2RAR5FeA6w

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4844	webapp-uninstaller.exe

Loads dropped DLL 2 IoCs

pid	Process
2620	1686717a6ae7c56f2989b22d4fe9d19d_JaffaCakes118.exe
4844	webapp-uninstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x00070000000235c0-7.dat	nsis_installer_1
behavioral2/files/0x00070000000235c0-7.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 4844	2620	1686717a6ae7c56f2989b22d4fe9d19d_JaffaCakes118.exe	89
PID 2620 wrote to memory of 4844	2620	1686717a6ae7c56f2989b22d4fe9d19d_JaffaCakes118.exe	89
PID 2620 wrote to memory of 4844	2620	1686717a6ae7c56f2989b22d4fe9d19d_JaffaCakes118.exe	89

C:\Users\Admin\AppData\Local\Temp\1686717a6ae7c56f2989b22d4fe9d19d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1686717a6ae7c56f2989b22d4fe9d19d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Users\Admin\AppData\Local\Temp\nsxC9F.tmp\webapp-uninstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsxC9F.tmp\webapp-uninstaller.exe" _?=C:\Users\Admin\AppData\Local\Temp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4276,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:8
1⤵
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsiC8F.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxC9F.tmp\webapp-uninstaller.exe

Filesize
71KB

MD5
fa839e7f474187ac1018d0f87c480fdb

SHA1
cc87e7f0d0f6ade092b989221c7f2796d10c48fb

SHA256
a493c5fbc47bf4f4f47472378a03087271765720c9a5cfc2bb745523eeac6246

SHA512
fb469d4513d6a8405cbfdba13eafef0dcd37149e9f2689c158a712f0fa54afe9ed37fed0a01049b6b3e0195862ed711ef88fecfd3c7487dfa198cc97ccb1d2a6

Download Submit