Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
  • submitted
    12-07-2024 03:16

General

  • Target

    3bcd08410a6a550292d2924c4aa1cc8a_JaffaCakes118.exe

  • Size

    36KB

  • MD5

    3bcd08410a6a550292d2924c4aa1cc8a

  • SHA1

    ee066837d0d949a1706db4c9d2dd29b30fea88c7

  • SHA256

    adbbe8f15347f679086f2cad16428edbc46b39b52d603ec1603114858852a37f

  • SHA512

    7569458cebc54d435c3ac4a86c9d2d5ef52e94010d2aeaceb217cbf7a4a70a2d77f05685d197bbe59964a0b25bda7ca559e9c6ce59515d905f32dfac8dfb1ca1

  • SSDEEP

    384:8NzDh2P3XnvDrhBSi/1WxCJW568S6FEfqe9uMXbIp9wD3WyUtWC8iLW:89kX5oidWxCJW56T6FEfq0dXUqJhi

Score
8/10

Malware Config

Signatures

  • Modifies RDP port number used by Windows (1 TTPs)
  • Modifies WinLogon (2 TTPs, 1 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTPs, 4 IoCs)
  • Suspicious use of SetWindowsHookEx (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bcd08410a6a550292d2924c4aa1cc8a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3bcd08410a6a550292d2924c4aa1cc8a_JaffaCakes118.exe"
    • Modifies WinLogon
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:4824

Network

MITRE ATT&CK Enterprise v15
