67e5d5b3aa1118b003dbc0e3ea64095c657745c6b6a1f757312e16f6299d09a0

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
Size

189KB
MD5

34e11c1efa77bd921c49ce029eefe514
SHA1

36ce4e2d54727551c7653eeefb08fd8466f16293
SHA256

67e5d5b3aa1118b003dbc0e3ea64095c657745c6b6a1f757312e16f6299d09a0
SHA512

c515eaa5d6471066e0c3cd6ef12dd97dd17e505bea77ed0ca994bf79e4a0f828c1be141f624609133f6bbbd2340b0f308438ea92bf6bc8a9823bff08374ea138
SSDEEP

3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e85:o68i3odBiTl2+TCU/3

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft I Service = "C:\\Windows\\winhash_up.exe /REGstart"	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File created	C:\Windows\SHARE_TEMP\Icon13.ico	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
File created	C:\Windows\winhash_up.exe	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
File created	C:\Windows\SHARE_TEMP\Icon6.ico	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
File created	C:\Windows\SHARE_TEMP\Icon7.ico	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
File created	C:\Windows\SHARE_TEMP\Icon12.ico	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
File created	C:\Windows\bugMAKER.bat	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
File created	C:\Windows\SHARE_TEMP\Icon5.ico	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
File created	C:\Windows\SHARE_TEMP\Icon3.ico	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
File created	C:\Windows\SHARE_TEMP\Icon10.ico	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
File created	C:\Windows\winhash_up.exez	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
File created	C:\Windows\SHARE_TEMP\Icon2.ico	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
File created	C:\Windows\SHARE_TEMP\Icon14.ico	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
File opened for modification	C:\Windows\winhash_up.exez	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2732	3024	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe	30
PID 3024 wrote to memory of 2732	3024	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe	30
PID 3024 wrote to memory of 2732	3024	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe	30
PID 3024 wrote to memory of 2732	3024	34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\34e11c1efa77bd921c49ce029eefe514_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\bugMAKER.bat
  2⤵
  PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\bugMAKER.bat

Filesize
90B

MD5
dfa0b7934173bcc9ec499683b5f67168

SHA1
1f21d3be96a154e8ffb3947552920cd5f102db4d

SHA256
f1a3e96047ebbde4d1c77cc533d29a13cc13a08451b6917ad746d9ea87b80d3c

SHA512
30df9eed9f2f4d3ed4a07274357ba01424f5804db86e0c7ae978ecef52ddaeba8d3b65ee78eb9daf7c98b1cd8b568d69ec95f02c27b492f5f1d439c1e9410855

Download Submit
memory/2732-62-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/3024-67-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads