Analysis
-
max time kernel
106s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
09/07/2024, 08:38
General
-
Target
2facccd29ff39a77000a16cef14650eb_JaffaCakes118.exe
-
Size
42KB
-
MD5
2facccd29ff39a77000a16cef14650eb
-
SHA1
48ec866c31d7bb100183a82611196ce410f43bc2
-
SHA256
30ed4d71ba8e068646ec8fed464e7a7815fe5b7364f00b77355b4add221e955e
-
SHA512
3c64475c62f62b48cf527fd5adc98fa8c06d09c544d279081f92ce57314a6a9df2f166600c84fd5dfe9dcaec3d531429b6e1650f7a33acacc574add48f72a109
-
SSDEEP
768:xu6THgVNE4YYo+eRt4n9aOJnCrh6JkZVqcgg1zhZai6WivD4rdj8Q3y8:xuWgHEpYo+egn9gV6JqVEAZaF4rhhy8
Score
8/10
Malware Config
Signatures
-
Adds policy Run key to start application 2 TTPs 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2facccd29ff39a77000a16cef14650eb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2facccd29ff39a77000a16cef14650eb_JaffaCakes118.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\lgbgxgfq\bsbwdchg.exeC:\ProgramData\lgbgxgfq\bsbwdchg.exe2⤵
- Adds policy Run key to start application
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exe/c del /f C:\Users\Admin\AppData\Local\Temp\2FACCC~1.EXE.bak >> NUL2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
42KB
MD52facccd29ff39a77000a16cef14650eb
SHA148ec866c31d7bb100183a82611196ce410f43bc2
SHA25630ed4d71ba8e068646ec8fed464e7a7815fe5b7364f00b77355b4add221e955e
SHA5123c64475c62f62b48cf527fd5adc98fa8c06d09c544d279081f92ce57314a6a9df2f166600c84fd5dfe9dcaec3d531429b6e1650f7a33acacc574add48f72a109
-
Filesize
60KB