66874d10f13e565ab1f8c43584fd88093fe013ea1041d9b8003832af450452c6

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07-07-2024 09:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29e1a43cddf7322b07de4567d4321dea_JaffaCakes118.exe
Size

223KB
MD5

29e1a43cddf7322b07de4567d4321dea
SHA1

be68e5db8229f2d758ccce5ff4ab9907a58a98af
SHA256

66874d10f13e565ab1f8c43584fd88093fe013ea1041d9b8003832af450452c6
SHA512

19fc1c81f5ea793b98e48decfdc52f184d7adf1979dcdf4ddf4e0b3c23e6b4bdc683b9ea6889e38f8a35b1640502e0309f8a8d5e1dfc1a690bf6855ed20fcccd
SSDEEP

6144:8XSkRcJlmnko9pUPfV05tYbP36Vo08s9N8qi7rrZx7UOynbX:JCczmnkZPfV0PSPvEg9x7sbX

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2632	nodkrn23.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Svchost local services = "nodkrn23.exe"	nodkrn23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Svchost local services = "nodkrn23.exe"	nodkrn23.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\nodkrn23.exe	29e1a43cddf7322b07de4567d4321dea_JaffaCakes118.exe
File opened for modification	C:\Windows\nodkrn23.exe	29e1a43cddf7322b07de4567d4321dea_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2632	2204	29e1a43cddf7322b07de4567d4321dea_JaffaCakes118.exe	28
PID 2204 wrote to memory of 2632	2204	29e1a43cddf7322b07de4567d4321dea_JaffaCakes118.exe	28
PID 2204 wrote to memory of 2632	2204	29e1a43cddf7322b07de4567d4321dea_JaffaCakes118.exe	28
PID 2204 wrote to memory of 2632	2204	29e1a43cddf7322b07de4567d4321dea_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\29e1a43cddf7322b07de4567d4321dea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\29e1a43cddf7322b07de4567d4321dea_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\nodkrn23.exe
  C:\Windows\nodkrn23.exe 560 "C:\Users\Admin\AppData\Local\Temp\29e1a43cddf7322b07de4567d4321dea_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\nodkrn23.exe

Filesize
191KB

MD5
cdffa4d70c92ae8772a348d4b4dcde80

SHA1
d7e4bc2019827276991978c3b3ac41f98f34ee28

SHA256
04c34fcb2485a640655b38a43c712492b5a680b0dbb66316cad1ad7c384d75ce

SHA512
8eba70c192ae3456cf34228277843be9cef81377c67b724b69a03e368c2ed607f3211dbb343a4b6bcc14b74e30c479d3244b7e733314f97a9a0ba2a3e5a11218

Download Submit
memory/2204-6-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2204-8-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2204-3-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2204-2-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2204-9-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2204-7-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2204-4-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2204-0-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2204-5-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2204-10-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2204-11-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2204-12-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2204-13-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2204-1-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2204-22-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2204-23-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads