Overview

overview

8

Static

static

3

3863ba4c5f...18.exe

windows7-x64

8

3863ba4c5f...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/07/2024, 08:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3863ba4c5fe5b2b64e2a40cafbd1e37b_JaffaCakes118.exe

  • Size

    52KB

  • MD5

    3863ba4c5fe5b2b64e2a40cafbd1e37b

  • SHA1

    76e8ec80fffb2fd98e620b9d04b53f8480866e09

  • SHA256

    c93818f56942ab9439f5b6f00fa9c476773db0e5cbf156c1bc4d10748a63c96d

  • SHA512

    90717e71438ba774766e1e7b12389db76195dd02a9f2c30bdfc8c03db140f90ac388636cbf04abfefdeba5a16e4da42f88ea8bdf0c05269fbfd10e81496eaed5

  • SSDEEP

    768:vT8exG620XjzngTRmhlOLWsyjNUYLGNY1C/9t6+1N45+1uUp+IoBgYa4M:b8QGAPnthISsymYL4/9t6+1uI1FzB

Score
8/10
persistence

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Drops file in Drivers directory 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3863ba4c5fe5b2b64e2a40cafbd1e37b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3863ba4c5fe5b2b64e2a40cafbd1e37b_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3504
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\insC331.tmp", start first worker
      2⤵
      • Blocklisted process makes network request
      • Drops file in Drivers directory
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of AdjustPrivilegeToken
      PID:2312

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\insC331.tmp
          Filesize

          48KB

          MD5

          8fe4e0d7d1562faf1c63eea2c2de6710

          SHA1

          765cdb958dc7878a8246401859fe33be29533b57

          SHA256

          1a58db9149e7a4999b6c29e71c1fa4d647575336bb5d8445196b7d774fea78d5

          SHA512

          377f8bba161fa89c98b80a1dc2b81a063fcf1f38272f93a1b50a9bcea5e53328962927b62061f5aef6c2f1c60fd3957741de6ad7bd81c17889fcb22dad733910

          Download Submit

        • memory/2312-8-0x0000000002CC0000-0x0000000002CCA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2312-14-0x0000000002CC0000-0x0000000002CCA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2312-15-0x0000000002CC0000-0x0000000002CCA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2312-18-0x0000000002CC0000-0x0000000002CCA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2312-22-0x0000000002CC0000-0x0000000002CCA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2312-26-0x0000000002CC0000-0x0000000002CCA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3504-0-0x0000000010000000-0x0000000010011000-memory.dmp

          Filesize

          68KB

          Download

        • memory/3504-4-0x00000000021F0000-0x00000000021F1000-memory.dmp

          Filesize

          4KB

          Download