92efbecc24fbb5690708926b6221b241b10bdfe3dd0375d663b051283d0de30f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

171ffa1fb15a298bcca8d8108fe913a9_JaffaCakes118.exe
Size

140KB
MD5

171ffa1fb15a298bcca8d8108fe913a9
SHA1

1145da17dea1f9786b14d673d760e5153c2d87b9
SHA256

92efbecc24fbb5690708926b6221b241b10bdfe3dd0375d663b051283d0de30f
SHA512

303ec164964efd25272518838a62240c4754111ff998e381840d1a3019f6102d314fc8c3bc63310d5d4d286bc57037266c8cd9ac449da5596d87233989a49046
SSDEEP

1536:Ef+NJAPod8leLLLLLLLLLLLLL4YbTBxupuHG6+/efOtNLLLLLLLLLfKotE8Bq4tR:g+NJA0JxOuHx+/efOrKo3876NCf/Xey

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2288	DaumCleans.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WarHead = "c:\\tmp\\DaumCleans.exe"	DaumCleans.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3152	171ffa1fb15a298bcca8d8108fe913a9_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 2288	3152	171ffa1fb15a298bcca8d8108fe913a9_JaffaCakes118.exe	81
PID 3152 wrote to memory of 2288	3152	171ffa1fb15a298bcca8d8108fe913a9_JaffaCakes118.exe	81
PID 3152 wrote to memory of 2288	3152	171ffa1fb15a298bcca8d8108fe913a9_JaffaCakes118.exe	81

C:\Users\Admin\AppData\Local\Temp\171ffa1fb15a298bcca8d8108fe913a9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\171ffa1fb15a298bcca8d8108fe913a9_JaffaCakes118.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3152
- \??\c:\tmp\DaumCleans.exe
  "c:\tmp\DaumCleans.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\tmp\DaumCleans.exe

Filesize
75KB

MD5
0b6019cb7d872112837e3459266e1337

SHA1
7bfe5f6443f50e2582471d6597f38b63d3caae5f

SHA256
d8df60524deb6df4f9ddd802037a248f9fbdd532151bb00e647b233e845b1617

SHA512
833c8f1a61953e5981dcd2006def8cfb476b2ddec019a0a6bd9a994f352edb7075556a3100b3ffdd63f2aeda74aecffb73b1fb6c89af06e7f4e08c6bd38377b5

Download Submit
memory/3152-3-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads