Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/06/2024, 18:04

General

  • Target

    16f902491090535d69774895fde63bf4_JaffaCakes118.exe

  • Size

    124KB

  • MD5

    16f902491090535d69774895fde63bf4

  • SHA1

    f7273cac1b3ed08cc15275a5eb3a6771daa6b91b

  • SHA256

    76869418b743d0c1c2ff4241f62f2ae0c63af1233dfb577eb71baad3be896f96

  • SHA512

    1a32ec1437b121956a0a366ffa93511b42c17a59b032333482fa5eea5b462805772f02014a808a95f7dca48e050d23cd5c4305a67c37624c4441acafe12ac691

  • SSDEEP

    1536:ylUNYw+Awk9/0WmGOq4OroRm2oO0jYlcwrLpdUGvd:yxAws/ldrom9cDr9OG

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Drops file in Drivers directory 4 IoCs
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 26 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops autorun.inf file 1 TTPs 48 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes. Note that Windows 7 and later (including this Windows 10 image) only honour autorun.inf on optical media, not on removable or fixed drives, so the dropped C:\autorun.inf only propagates to legacy hosts; it remains a reliable indicator of compromise.

  • Drops file in System32 directory 7 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 40 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
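
Three of the signatures above (Winlogon modification, Image File Execution Options injection, Run key) and the dropped autorun.inf all live in well-known, enumerable locations. The script below is an added triage helper, not part of the sandbox output or of the sample: it checks those locations in a registry snapshot and parses an autorun.inf for launch directives. The report does not list the exact values the sample wrote, so the snapshot and autorun.inf in the block are constructed; they point at C:\info.exe because the Downloads section below shows that file with the same hashes as the submitted binary, i.e. a self-copy dropped to the drive root. The Winlogon defaults, the "user-writable or drive-root path" heuristic in check_run, and the HKLM-only winreg collector are the author's assumptions for this example.

```python
"""Triage helpers for the persistence artifacts named in this report (added example).
Sample data below is constructed; the sandbox output does not list the values written."""
import configparser
import re
import sys

# Registry paths (under HKLM; Run also exists under HKCU) behind three signatures above.
WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
IFEO = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
RUN = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Clean Windows 10 defaults (assumption); any other data means logon has been hooked.
WINLOGON_DEFAULTS = {"Shell": "explorer.exe",
                     "Userinit": r"C:\Windows\system32\userinit.exe,"}

def check_winlogon(values):
    """values: {value name: data} read from the Winlogon key."""
    return [("winlogon", name, values[name]) for name, default in WINLOGON_DEFAULTS.items()
            if name in values and values[name].strip().lower() != default.lower()]

def check_ifeo(subkeys):
    """subkeys: {image name: {value name: data}}. A Debugger value makes Windows start
    that path instead of the image, which is the IFEO hijack the report flags."""
    return [("ifeo", image, vals["Debugger"]) for image, vals in subkeys.items()
            if "Debugger" in vals]

def _exe_path(cmd):
    """First token of a Run command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]

def check_run(values):
    """Flag Run entries whose executable sits in a drive root or a user-writable path."""
    hits = []
    for name, cmd in values.items():
        path = _exe_path(cmd).lower()
        if re.fullmatch(r"[a-z]:\\[^\\]+", path) or any(
                d in path for d in ("\\users\\", "\\temp\\", "\\appdata\\")):
            hits.append(("run", name, cmd))
    return hits

def triage(snapshot):
    """snapshot: {WINLOGON: values, IFEO: subkeys, RUN: values} -> list of findings."""
    return (check_winlogon(snapshot.get(WINLOGON, {}))
            + check_ifeo(snapshot.get(IFEO, {}))
            + check_run(snapshot.get(RUN, {})))

def parse_autorun_inf(text):
    """Return ([autorun] options, the subset that launches code) for an autorun.inf."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return {}, {}
    opts = dict(cp.items(section))  # configparser lowercases option names
    launches = {k: v for k, v in opts.items()
                if k in ("open", "shellexecute") or k.endswith("\\command")}
    return opts, launches

def live_snapshot():
    """On Windows, read the three HKLM locations with winreg; None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg

    def values(path):
        out = {}
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _ = winreg.EnumValue(key, i)
                    out[name] = str(data)
        except OSError:
            pass
        return out

    def subkeys(path):
        out = {}
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                for i in range(winreg.QueryInfoKey(key)[0]):
                    sub = winreg.EnumKey(key, i)
                    out[sub] = values(path + "\\" + sub)
        except OSError:
            pass
        return out

    return {WINLOGON: values(WINLOGON), IFEO: subkeys(IFEO), RUN: values(RUN)}

# Constructed snapshot with hypothetical values, chosen so that each check fires once.
SAMPLE_REGISTRY = {
    WINLOGON: {"Shell": "explorer.exe",
               "Userinit": r"C:\Windows\system32\userinit.exe,C:\info.exe"},
    IFEO: {"taskmgr.exe": {"Debugger": r"C:\info.exe"}, "notepad.exe": {"UseFilter": "1"}},
    RUN: {"OneDrive": r'"C:\Program Files\OneDrive\OneDrive.exe" /background',
          "info": r"C:\info.exe"},
}
# Constructed autorun.inf; the real 119-byte file's contents are not in the report.
SAMPLE_AUTORUN_INF = ("[AutoRun]\nopen=info.exe\nshell\\open\\command=info.exe\n"
                      "shellexecute=info.exe\nicon=info.exe,0\n")

if __name__ == "__main__":
    for finding in triage(live_snapshot() or SAMPLE_REGISTRY):
        print(*finding)
    print(parse_autorun_inf(SAMPLE_AUTORUN_INF)[1])
```

Two further points from the report that the checks do not cover. The process tree shows the sample spawning `net stop cryptsvc`; stopping Cryptographic Services disables CRL/OCSP retrieval and catalog-based signature checks, and the separate `svchost.exe -k NetworkService -p -s CryptSvc` entry together with the CryptnetUrlCache MetaData files in the Downloads list is that service's own CryptoAPI URL-cache activity, which the sandbox attributes to PID 3296 rather than to the sample. The file written to C:\Windows\SysWOW64\drivers\IsDrv120.sys is 4 bytes, too small to be a PE image, so it is a marker or truncated drop rather than a loadable driver, even though it triggers the "Drops file in Drivers directory" signature.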

Processes

  • C:\Users\Admin\AppData\Local\Temp\16f902491090535d69774895fde63bf4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\16f902491090535d69774895fde63bf4_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in Drivers directory
    • Event Triggered Execution: Image File Execution Options Injection
    • Adds Run key to start application
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3868
    • C:\Windows\SysWOW64\net.exe
      net stop cryptsvc
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5076
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop cryptsvc
        3⤵
          PID:2372
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
      1⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      PID:3296
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4172 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:4160

Network

MITRE ATT&CK Enterprise v15


Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749

        Filesize

        290B

        MD5

        33d563b3d8989cb393030706ce00039f

        SHA1

        29bb2ce3489790498b03780e555dce3ee7157dba

        SHA256

        ab9f044d8161f906023bcecf3749ae35c17917f0dfe12e95092f996ee2247648

        SHA512

        9b13ee78cc392ace226e0cdbbbae6329ea180cacac94ed1f5874d370c7b4a4a15ddffb4cbb5214187ab15ec5eac4a7b4a3f4e8d8636d9ad0b7272705f0b6eaff

      • C:\Windows\SysWOW64\drivers\IsDrv120.sys

        Filesize

        4B

        MD5

        e89854dfc541758037d0d9898aac114b

        SHA1

        352c5f759fbd5da2383af80f897e0012db3d45ed

        SHA256

        f015c4c4e29b4b0d404d2b8dd98be87d41bf486b711aeba13379eee5095ecbaf

        SHA512

        b555df0a92d57756da8887a945d1fc668b494973fe3011828e43dcf9b381a4197eaf9121010716173fea331cf3f2fea9cf85e4fb2dc550fcb32cb61448be7465

      • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749

        Filesize

        330B

        MD5

        0099d790fbf62a56397430bbffb33cec

        SHA1

        dee8a7993f59d72b2fc2d6e5da7ef82b771f478f

        SHA256

        3c2bddb4a42085348f2a17c25b27846419127011b802cf18f2c158fd1b315eab

        SHA512

        7c50580b77383084368488e8ad63057c06101e6dfb7e3d1810d71ef51df2548195ab93893a06d0939857d16f8b0d30318a0c298ad228b284a6bbf000ceccf5c6

      • C:\autorun.inf

        Filesize

        119B

        MD5

        8815ca284498e1a366afbb10c60e95e9

        SHA1

        fb02189ab180d7d72567cf31c8ee3ed2a85dbed1

        SHA256

        0ef510e196e2d7432dff036164ffd3845fbb0f8cd59511a93b032e7b42c326be

        SHA512

        d683e4954f450296472ebfbf1fd3704e9fb1db65bf99f61d58c81dfcc5414a44bfe31198c29167c0c171bcc0e77b89e393039bb61b17b7c9d5a9803bcde5361d

      • C:\info.exe

        Filesize

        124KB

        MD5

        16f902491090535d69774895fde63bf4

        SHA1

        f7273cac1b3ed08cc15275a5eb3a6771daa6b91b

        SHA256

        76869418b743d0c1c2ff4241f62f2ae0c63af1233dfb577eb71baad3be896f96

        SHA512

        1a32ec1437b121956a0a366ffa93511b42c17a59b032333482fa5eea5b462805772f02014a808a95f7dca48e050d23cd5c4305a67c37624c4441acafe12ac691

      • memory/3296-304-0x000001D11B370000-0x000001D11B380000-memory.dmp

        Filesize

        64KB

      • memory/3296-310-0x000001D11BB40000-0x000001D11BB50000-memory.dmp

        Filesize

        64KB

      • memory/3868-0-0x0000000000400000-0x0000000000420000-memory.dmp

        Filesize

        128KB

      • memory/3868-266-0x0000000000400000-0x0000000000420000-memory.dmp

        Filesize

        128KB