Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/07/2024, 00:32 UTC

General

  • Target

    24056d080b7169658f1321afcac4f34e_JaffaCakes118.exe

  • Size

    184KB

  • MD5

    24056d080b7169658f1321afcac4f34e

  • SHA1

    12cbfc2bcea145ce8522082d648d24026ecf82a0

  • SHA256

    1a553e660a6f8f287ebd87c312518a1101d2e659b3e1938c58ce8e1030b8561f

  • SHA512

    678c98c87de18ea232a6ec2ba8f394639477e5309ccff86ccc3325b4a7ecbe39e8b3f5e2d49ce795568f6c7bb926360c997074e8a22edfccfdf16ebf4426d359

  • SSDEEP

    3072:gZMB9JdoHmoeyced9wh0qDUOv31VI07ialpqxVyxEiFX:+MkHmotf7fqD5w0GWfx

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies registry class 7 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24056d080b7169658f1321afcac4f34e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\24056d080b7169658f1321afcac4f34e_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:992
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\ujsafac.bat
      2⤵
      • Deletes itself
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1644
      • C:\Users\Admin\AppData\Local\Temp\fxewrz.exe
        "C:\Users\Admin\AppData\Local\Temp\fxewrz.exe"
        3⤵
        • Executes dropped EXE
        • Modifies registry class
        PID:2616
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1
        3⤵
        • Runs ping.exe
        PID:2220

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\fglolr.bat

    Filesize

    170B

    MD5

    d95ba66158879a3163d2abe81c5205f4

    SHA1

    4155aeb1c46fac67b004171929e9aad3afc55768

    SHA256

    03893aa9a6cd4e87783abee76f44bb83b9c585759eccaa81a4fc43fde994efcb

    SHA512

    a55a59d56280613bf3d99f5c9b7fd27e9d672523981e538f8f714b4d06b3bedb64fa12b11e0ef60aa006932b217e96b1c83091b224f1d9081b02f60b7e21af7f

  • C:\Users\Admin\AppData\Local\Temp\ujsafac.bat

    Filesize

    124B

    MD5

    3b1b44f627fcdca79563117eea139b14

    SHA1

    8c620306e6e7edae1a38c496639ce0a62e40f86f

    SHA256

    8edf21669e117014f77ab83b8d9f0d2378ce29833873833094d4c2ccb00fea6f

    SHA512

    05ff144ae60cb56a0e83eaa293372eec537a0f9fa43897f4f7fcadd4f608f02aa64dd4e2a2ee843dcc62644441b84e6ebe2ac8ecddb735f0a59b3aa619d8ff28

  • \Users\Admin\AppData\Local\Temp\fxewrz.exe

    Filesize

    144KB

    MD5

    9cf9d9f950e6eef40c483566bb07987d

    SHA1

    20149ff37fc2a06f55d4ab7d49c114cca8328ba6

    SHA256

    a372fdc4b5b00bf031cfbaecefa439fe8f3c9992c15f9e0cceed3055f73ff9df

    SHA512

    2689ea24550c749ceaf3a5422921d397959195281846dccb356ae2ae13bcb98abef289e51360065252503cc20b6e12b14016122ead7d911a7dc9a048d834f77e
