Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/07/2024, 06:57

General

  • Target
    25068e2239c798c56c4662df87016fcd_JaffaCakes118.exe
  • Size
    300KB
  • MD5
    25068e2239c798c56c4662df87016fcd
  • SHA1
    b3dad3df7a89a404923df9e0ad10e93632d4fad0
  • SHA256
    362817621f93ee8934fa823877d6aae63cefa58b77398962375d4c9510e307f2
  • SHA512
    19011cb590b5c62b01b6c467af6a96b622f4f20ab578faa9e2b58d9f4c603e9496674ec8a9d85d88bb924598e90aba57c54f564b6791eda3b65eae1fe3db5bd7
  • SSDEEP
    6144:3Cx95xIZvkHxwi9G1JSzy8J61b39mv74RMKFPIO:SdxIVkHxwDJSzy8J6R5Rd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Modifies WinLogon 2 TTPs 8 IoCs
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25068e2239c798c56c4662df87016fcd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\25068e2239c798c56c4662df87016fcd_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\system32\klogon.vbs"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2328
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\System32\rundll32.exe" /c kilogon.dll RegwinPro
        3⤵
        • Loads dropped DLL
        • Modifies WinLogon
        PID:2704
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\unlogon.bat
      2⤵
      • Deletes itself
      PID:2608

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\unlogon.bat
    Filesize: 212B
    MD5: 4ca8f77d62977ae79d03b272acc74702
    SHA1: 8f73823c1cd7e844788dd06a3cf1c69b83c624f1
    SHA256: f2349866cbffcb90677a29961814e8ce9bf917e2f5b4c1e1fe4347c91d91c992
    SHA512: 5bf18ef85a69ae4f237b9fc8a960aa5426d361ed7ceae3556b36c216b86b3859a7f78db97dc398e61f0dfddf9f44f2141185b344524fa7be0589b7b36462d422
  • C:\Windows\SysWOW64\klogon.vbs
    Filesize: 96B
    MD5: a3bf6ca95b1c1a6af1bf8568e777636f
    SHA1: 4cd1876c0b52a51b3bfb7e11aeb549f0036d8448
    SHA256: 48895b08a9a6ec703ca6f9bad05285f4297c6e1819cfc0c0c2cfa3be6f455952
    SHA512: 7a733bc4467d11942e2d7059a40dd5abae7b64f3c4544364d810839224ec452f126e2b24c899748ec655f0e08f3ef0706d1022db8c912fe138730e24ef63c716
  • \Windows\SysWOW64\kilogon.dll
    Filesize: 157KB
    MD5: beebae3a351b3f796836ed221772babd
    SHA1: a86e15b58c44ac9e483cee22bbb3624345822c1d
    SHA256: c9dabeb4c47b3bc97d468af05484e73ec6cab01e45cadcd997b72a81c8b19172
    SHA512: 9102d207acd63454d81076fd5dac5b72b3cae203cff89d33cfc5149561d35ac2a47fba3549d4b5221331f88336cee6073b29b8106120e0958223acfb1ffd20fa
  • memory/2704-20-0x0000000000210000-0x000000000023C000-memory.dmp
    Filesize: 176KB
  • memory/2960-0-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize: 300KB
  • memory/2960-12-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize: 300KB