a53a5e1e72afc0f74e298c22ae0303c831128d4f10366d92f33df4a9b7bfb56a

Analysis

max time kernel
93s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3882110b3450940754575c5362a4c9ce_JaffaCakes118.exe
Size

243KB
MD5

3882110b3450940754575c5362a4c9ce
SHA1

8df6d7c16019fdefcd77cfcf916aeeef63542c84
SHA256

a53a5e1e72afc0f74e298c22ae0303c831128d4f10366d92f33df4a9b7bfb56a
SHA512

63cc674194700aaed9a24120a5f7e448e0cb32076c467a9f84506dec99b6fb8cb8f6972de88050cdb88cbc81d11ddb9634bb352754deb75164397cb60c82f543
SSDEEP

6144:NFE9wV5hpGdbvXHaSs4a2/o5/vbNHJ82OBtD8if:Nq96DpGt3tsqW7VJEBGI

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3716-0-0x0000000000400000-0x0000000000494000-memory.dmp	upx
behavioral2/memory/3716-4-0x0000000000400000-0x0000000000494000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\plugin = "\"C:\\Program Files\\plugin.exe\""	3882110b3450940754575c5362a4c9ce_JaffaCakes118.exe

Suspicious behavior: RenamesItself 2 IoCs

pid	Process
3716	3882110b3450940754575c5362a4c9ce_JaffaCakes118.exe
4100	cmd.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 4100	3716	3882110b3450940754575c5362a4c9ce_JaffaCakes118.exe	84
PID 3716 wrote to memory of 4100	3716	3882110b3450940754575c5362a4c9ce_JaffaCakes118.exe	84
PID 3716 wrote to memory of 4100	3716	3882110b3450940754575c5362a4c9ce_JaffaCakes118.exe	84
PID 3716 wrote to memory of 1380	3716	3882110b3450940754575c5362a4c9ce_JaffaCakes118.exe	85
PID 3716 wrote to memory of 1380	3716	3882110b3450940754575c5362a4c9ce_JaffaCakes118.exe	85
PID 3716 wrote to memory of 1380	3716	3882110b3450940754575c5362a4c9ce_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\3882110b3450940754575c5362a4c9ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3882110b3450940754575c5362a4c9ce_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "move "C:\Program Files\plugin.exe_" "C:\Program Files\plugin.exe""
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4100
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del.bat
  2⤵
  PID:1380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
221B

MD5
e7b8d58d3dfa2906ae9146dd99e8209c

SHA1
50afb068839102aa53b505b577cb538987c50f6d

SHA256
25ec81a1bcc829b6858cb5e0b7e5c95d9abf38a0591603c3b7e945eca969fc0c

SHA512
1d54a43294c7154251e1198f17c09b34a11ffb4ad2987da4ea7995d3ac4ad9fc583d490d948f2e91c5e3d60d19fbaec18de656437e9910e44f3088f509b174b6

Download Submit
memory/3716-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/3716-1-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/3716-4-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads