Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-07-2024 18:51

General

  • Target

    1c1e6c64a2860e3b1a3e7c01341f77ca_JaffaCakes118.exe

  • Size

    220KB

  • MD5

    1c1e6c64a2860e3b1a3e7c01341f77ca

  • SHA1

    0a4cdb173310ea82add8262a38bf2ec99f6dba47

  • SHA256

    6a7a4a52b3b6128b68609e3282dc16ce7c9c252b01859a055158b8cd7f73082c

  • SHA512

    2e16f30866e01c7e8f2a896e3c6ed4d87364e5950fc52029a3610158b333a13c994bcff04488738a05c1b05989a4245f9bea9f18a0aa801d6a4ce113298a5872

  • SSDEEP

    3072:llR1SrvkY8YUL4qx9RIHgil3UuhSa3U3dD8d6Oy+MIrnj3JjND:B1Sbkx15x9SHVeOjf

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c1e6c64a2860e3b1a3e7c01341f77ca_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1c1e6c64a2860e3b1a3e7c01341f77ca_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1460
    • C:\Users\Admin\zusuf.exe
      "C:\Users\Admin\zusuf.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2524

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\zusuf.exe

    Filesize

    220KB

    MD5

    bc49c305308414310d603ef4431c6fe4

    SHA1

    fcd5a188b892313d597482ad93e890a396d83ca6

    SHA256

    8a61b1eed250d428e7dc477d574231279f75b0e76ce23daf3f0c98c07ee14a51

    SHA512

    03547573c9ae9e020f7e73aede945788d823ba317ae0b30e74247d1a2975d54f3e58e68eb5fa7275698c5a1b5a1e5e29710382dfe90e9fba09f42f56eb5f412c