Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
28/06/2024, 07:36
Static task
static1
Behavioral task
behavioral1
Sample
194e3167adf254ace0e1b356080f2dce_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
194e3167adf254ace0e1b356080f2dce_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
194e3167adf254ace0e1b356080f2dce_JaffaCakes118.exe
-
Size
160KB
-
MD5
194e3167adf254ace0e1b356080f2dce
-
SHA1
ced10c7ec302e14bacfcf3a73761817eca29e318
-
SHA256
afe3f5145f36b02b02273f5a6ec2f2a042cfb5a70e5245b85fade0301969513a
-
SHA512
7b15d6236015770fb2b532fe17a8e8a534f902330115b9dd2bb9471f3bd4438cdcfd19fb42d6ec5a2fdba84eb659b677ea5225a3863e02fb7e7d15bd8c19d0dd
-
SSDEEP
3072:lGB8KaLmr9F2ZRNj/4tDtF53PbBqwEamLKbc8YVZfUHCFNmrSrpxEJmtVu38iUiN:Q6xL8KjcDP53owj7b9V6vpxE93a
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2968 Npewua.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\Q8PS7ZCLN6 = "C:\\Windows\\Npewua.exe" Npewua.exe -
Drops file in Windows directory 4 IoCs
description ioc Process File created C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job 194e3167adf254ace0e1b356080f2dce_JaffaCakes118.exe File opened for modification C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job 194e3167adf254ace0e1b356080f2dce_JaffaCakes118.exe File created C:\Windows\Npewua.exe 194e3167adf254ace0e1b356080f2dce_JaffaCakes118.exe File opened for modification C:\Windows\Npewua.exe 194e3167adf254ace0e1b356080f2dce_JaffaCakes118.exe -
Enumerates system info in registry 2 TTPs 2 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier 194e3167adf254ace0e1b356080f2dce_JaffaCakes118.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier Npewua.exe -
Modifies Internet Explorer settings
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main Npewua.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International Npewua.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2968 Npewua.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3012 wrote to memory of 2968 3012 194e3167adf254ace0e1b356080f2dce_JaffaCakes118.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\194e3167adf254ace0e1b356080f2dce_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\194e3167adf254ace0e1b356080f2dce_JaffaCakes118.exe"
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:3012 -
C:\Windows\Npewua.exe C:\Windows\Npewua.exe
- Executes dropped EXE
- Adds Run key to start application
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:2968
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
160KB
-
Filesize
372B