Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    28-06-2024 03:34

General

  • Target

    18a2b33d115d3be7c8969d350823380c_JaffaCakes118.exe

  • Size

    28KB

  • MD5

    18a2b33d115d3be7c8969d350823380c

  • SHA1

    03fa33de9bcf6fd8c96233258428446a58b7f9ac

  • SHA256

    22968e0b3963e9801600518f6212ac92ca6c14a6e22ed24f292a82557dc642d2

  • SHA512

    01163fbd008fb0e3e46897c3000bff258b72cf3619c32403edf774a4f465b00a8ee75711af7a48d32798e6533a29189043667ea281871513be35c3ba06766dbf

  • SSDEEP

    384:oGiZoqe4eI9vlAdWfVGPZ8URB8GmSKamkTCAoBZ4Rx4RPUfKlIiqPYS:oHOqe3I9vGdWuBvmTaDTMa2R8fjPYS

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Drops file in Drivers directory 5 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18a2b33d115d3be7c8969d350823380c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\18a2b33d115d3be7c8969d350823380c_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c regsvr32 /s c:\windows\system32\360ST.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s c:\windows\system32\360ST.dll
        3⤵
        • Loads dropped DLL
        PID:2904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TIWGXJYA\www.baidu[1].xml

    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

  • C:\Windows\SysWOW64\drivers\360DJ.txt

    Filesize

    400KB

    MD5

    5463411619140963272bcb825cfe9a6e

    SHA1

    ad8b2d403c9a8915ae2df7f852209ead3904d090

    SHA256

    128108da127f7824aa2f1c232771d486f3cbd5f9e806d035aa531735a065bc5a

    SHA512

    2e5fed24131f65a90063f60832c757d9835e3673db2aeed1bf010bcdad2204ef637b5bbdad6318d13264e8f7aae5c5843c7f31ad0112afb418cbd1b73151d0a1

  • \??\c:\windows\SysWOW64\360ST.dll

    Filesize

    27KB

    MD5

    a4958eeceddac41bf15551af8eff8d32

    SHA1

    f067872a5304e69f92034e5efb023145fd34b65d

    SHA256

    a8dfe56722f771e6f746b9a786ad9794cfb4a5478a5bde505a22ce5c97242c32

    SHA512

    39eb90956a2fe28a9bb8860de8c73bf62dcdb57af4a521fcf52715e3d37cf60cf6678e15f44b46bfe107c652de37990ba469dd40b752837e12e8e0ff3e42b4e3

  • memory/2164-17-0x0000000005390000-0x00000000057A2000-memory.dmp

    Filesize

    4.1MB

  • memory/2164-24-0x0000000005FE0000-0x0000000005FF7000-memory.dmp

    Filesize

    92KB

  • memory/2164-29-0x0000000006C90000-0x0000000006DC0000-memory.dmp

    Filesize

    1.2MB

  • memory/2164-65-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

  • memory/2904-14-0x0000000011000000-0x000000001100C000-memory.dmp

    Filesize

    48KB