5273bcc427a496ff80598a963f2166a413329cd21baa7b91808ebe5ec6d82ec0

Analysis

max time kernel
142s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29fc0839c94276b2b6dbc431d39ef748_JaffaCakes118.exe
Size

135KB
MD5

29fc0839c94276b2b6dbc431d39ef748
SHA1

fb87f424625f9236437519f78ba4737094b4cc43
SHA256

5273bcc427a496ff80598a963f2166a413329cd21baa7b91808ebe5ec6d82ec0
SHA512

abff398e984649ff690b6940dad276ada3e5911c19ea4da5f65f41f84819f8194d2569f271f067d8f14680b88df11b6de1f3dd55176065824ca85fb84f34747c
SSDEEP

3072:d7bV95FmWqbWpS+IOReIYpWkjryPqtdfwslU+AwTAO2j3OfJwdLC6TZc:d7bA9rOReIlPYfAwTIEefT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2880	owr.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	owr.exe
File opened (read-only)	\??\K:	owr.exe
File opened (read-only)	\??\L:	owr.exe
File opened (read-only)	\??\M:	owr.exe
File opened (read-only)	\??\R:	owr.exe
File opened (read-only)	\??\T:	owr.exe
File opened (read-only)	\??\U:	owr.exe
File opened (read-only)	\??\Y:	owr.exe
File opened (read-only)	\??\G:	owr.exe
File opened (read-only)	\??\O:	owr.exe
File opened (read-only)	\??\P:	owr.exe
File opened (read-only)	\??\Z:	owr.exe
File opened (read-only)	\??\A:	owr.exe
File opened (read-only)	\??\H:	owr.exe
File opened (read-only)	\??\J:	owr.exe
File opened (read-only)	\??\N:	owr.exe
File opened (read-only)	\??\Q:	owr.exe
File opened (read-only)	\??\E:	owr.exe
File opened (read-only)	\??\I:	owr.exe
File opened (read-only)	\??\S:	owr.exe
File opened (read-only)	\??\V:	owr.exe
File opened (read-only)	\??\W:	owr.exe
File opened (read-only)	\??\X:	owr.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\386DC971 = "3929974461"	owr.exe

C:\Users\Admin\AppData\Local\Temp\29fc0839c94276b2b6dbc431d39ef748_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\29fc0839c94276b2b6dbc431d39ef748_JaffaCakes118.exe"
1⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\owr.exe
C:\Users\Admin\AppData\Local\Temp\owr.exe -svc
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies Internet Explorer settings
PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\owr.exe

Filesize
135KB

MD5
29fc0839c94276b2b6dbc431d39ef748

SHA1
fb87f424625f9236437519f78ba4737094b4cc43

SHA256
5273bcc427a496ff80598a963f2166a413329cd21baa7b91808ebe5ec6d82ec0

SHA512
abff398e984649ff690b6940dad276ada3e5911c19ea4da5f65f41f84819f8194d2569f271f067d8f14680b88df11b6de1f3dd55176065824ca85fb84f34747c

Download Submit
memory/2852-32-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2852-2-0x0000000000240000-0x000000000025A000-memory.dmp

Filesize
104KB

Download
memory/2852-11-0x0000000000240000-0x000000000025A000-memory.dmp

Filesize
104KB

Download
memory/2852-1-0x0000000000240000-0x000000000025A000-memory.dmp

Filesize
104KB

Download
memory/2852-33-0x0000000000240000-0x000000000025A000-memory.dmp

Filesize
104KB

Download
memory/2852-0-0x0000000000220000-0x0000000000232000-memory.dmp

Filesize
72KB

Download
memory/2880-27-0x0000000000240000-0x000000000025A000-memory.dmp

Filesize
104KB

Download
memory/2880-30-0x0000000000240000-0x000000000025A000-memory.dmp

Filesize
104KB

Download
memory/2880-26-0x0000000000240000-0x000000000025A000-memory.dmp

Filesize
104KB

Download
memory/2880-28-0x0000000000240000-0x000000000025A000-memory.dmp

Filesize
104KB

Download
memory/2880-29-0x0000000000240000-0x000000000025A000-memory.dmp

Filesize
104KB

Download
memory/2880-24-0x0000000000240000-0x000000000025A000-memory.dmp

Filesize
104KB

Download
memory/2880-25-0x0000000000240000-0x000000000025A000-memory.dmp

Filesize
104KB

Download
memory/2880-34-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2880-36-0x0000000000240000-0x000000000025A000-memory.dmp

Filesize
104KB

Download