17ce09679f37eb3a30a5d3b43241caec7aff6898ce0a934bf7dc974d9b187e2d

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e68c0c6b603aa98c0c9a12839928a21_JaffaCakes118.exe
Size

698KB
MD5

3e68c0c6b603aa98c0c9a12839928a21
SHA1

309084773f63b71e3258a1551bf17c07249c9182
SHA256

17ce09679f37eb3a30a5d3b43241caec7aff6898ce0a934bf7dc974d9b187e2d
SHA512

95af5feab552a95c7bfb52bcbda4028917842e7c31d6da9cb615fcee0ff97a5753096eeb1a4c13e68ff1d66a85fd4c329e79068737235deee9ad3d2ad5c189e2
SSDEEP

12288:sxz6cjhDBPl8/jDxMP7QFV2e+vWabM4aHYNEVe5LRLg9nues7YIEebKP:Mz6cjhDBPmD+zQ32n44uYNEo51L1es0V

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2432	stdrt.exe

Loads dropped DLL 17 IoCs

pid	Process
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher = "C:\\3e68c0c6b603aa98c0c9a12839928a21_JaffaCakes118.exe"	stdrt.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2432	stdrt.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe
2432	stdrt.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 2432	4476	3e68c0c6b603aa98c0c9a12839928a21_JaffaCakes118.exe	85
PID 4476 wrote to memory of 2432	4476	3e68c0c6b603aa98c0c9a12839928a21_JaffaCakes118.exe	85
PID 4476 wrote to memory of 2432	4476	3e68c0c6b603aa98c0c9a12839928a21_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\3e68c0c6b603aa98c0c9a12839928a21_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3e68c0c6b603aa98c0c9a12839928a21_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\stdrt.exe
  "C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\stdrt.exe" /SF "C:\Users\Admin\AppData\Local\Temp\3e68c0c6b603aa98c0c9a12839928a21_JaffaCakes118.exe" /SO94208
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\Download.mfx

Filesize
11KB

MD5
3f93aa2215e325db71b5efb1ea4a4f5d

SHA1
225359c71d7cbd4fe7aee4b6e731b83a97178586

SHA256
b97849fa5f6932d177c58ee247563c67e92c4e0e15d68de649c43e6f08bcc767

SHA512
12486606097a27bb9eeea223ba98bb65d5ef04851d57f23395f48cb7f0bfbd0e07cc7cc54f7d240b5985c8424a4efa3d48f51312015950fefa43a18f6d746dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\KcActiveX.mfx

Filesize
288KB

MD5
365a1bcd61431389c20997373db49ebf

SHA1
4e048821bdfac6244d8b7a8625beed0ee023c5b4

SHA256
1f3634d236114593bdce2707db34a5d39fb100666c4afad244c4626b55c683ca

SHA512
ea776cec791e125d10da78a9d3742864baeed0f1a834ea69be5226354d05072c08673c51ddb004bc19dd386415c907ec5f88ead1d7d024392fc4e1ecda4e4450

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\KcBoxB.mfx

Filesize
36KB

MD5
3846ec4378306762a08b455ce6830603

SHA1
dbfee623ac007c934a2070a4d09eae4bf6fe7136

SHA256
9fb126a4cb00a16a591d2d1faa1f202d9f13a22f2a119ef79fc56c690da3018c

SHA512
44bd16495a9d660ff90455693c10f3dead908fa6c1d769948af0d77c8251bbab0e575ad60224ae51bb2a9662e36b9a8900f2a9c7a87bd0560c266825c0503190

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\MMFS2.dll

Filesize
300KB

MD5
dffca25b1fc4cc0b9e4b08a551ed0344

SHA1
1982f8ed843bb9a0d80eb11bc357c6e9798d277f

SHA256
186d448aabec4fcb6661ee105c5d399ad01f4ec1f7bf6c5cb70364d74cc34709

SHA512
6926760c16b32787a814da24b20786d3c00202ffe658cd4e3d943d5cf6bedb70105babb7f352a286f410d3dad30c1c6257ac707226c84f39d322ddc7ab25e563

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\Registry2.mfx

Filesize
14KB

MD5
53e5f0c38ba530d525ae454b2daaf9ef

SHA1
3ebd4f01f82c8b3e83fd71da2791ec0d2c149428

SHA256
72eeee8cdaf3f7e72f4182a77fd3b5bf6b5564352b4a98832a8f456173e12011

SHA512
971fb3d6d9f6b8fee646c3830989f9511a691e9764366aff83263bfd08c10558298b8286b7f1c0b1d103cb425035ad85a6e0954957bc98eccc9f5cbb87303a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\ctrlx.mfx

Filesize
52KB

MD5
c1d8aa4d5fd2029474b3ca1479fc8905

SHA1
03bba2e72c24f2e9ef4115ef2c2874f722db25b0

SHA256
ade4764b27602e86fd4b6bf501ff4508d89b3779432c9bf37e04b1a0b93327e5

SHA512
dd00943a3e44959febb7a748547ae35147cc720c24d19e88c7d28146c4afdc85e3b6a32f2edefaa7c65900b20e0048cf73000af2a1e114347140e88b7a014db4

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\kcclock.mfx

Filesize
36KB

MD5
0bf1ead2f87f3afa0bfae64a06676507

SHA1
45fcfdc8b1fe0e7fd1716f7b3c77108435c963c2

SHA256
c3b27b32c2ae86fd796c7b8c4c8277638bff1e9835887a778fe19ff7d9a40f4d

SHA512
1e5ea77456b2d115516f417f02572d99021795edc98c84daca761d1cd608433a0bd1158e2c532d885bb4b13eb73ed6329515682da7a6cb9f377ddbae66a25791

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\kcfile.mfx

Filesize
36KB

MD5
74225f508b64ec89e79531aabee00467

SHA1
ba695660f4c22ff57a91d9370fffef1fdc5d5162

SHA256
a404436d2f3c665ec782f991914ac90ef80143226c94e1affc43a02a2fe304d4

SHA512
0a5dc09d1229d4b8d301c14c72474b79481ac500675c73a9ad6477bdcd5f00d6eb8db077ec2f96ce30a1fd1d54f9cc84349ce406cc9e403564d7310740ec012c

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\kclist.mfx

Filesize
32KB

MD5
c89739b88389a1412472858c569bc959

SHA1
5bff97e35361e1a687b682840f18821b661d2212

SHA256
985dfbea52a2b4f0ec4b4d242e6a14d5a5dc2acaf1670331297f282f6356ebba

SHA512
2982da4826452eac87011b8f8863eef99d70ebb2e6a83ff88a20c65dbe2d5d1a7ad07f71603281425dfc8f764fede4ce66febb1dca521bb2bf91494de4d01721

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\kcmouse.mfx

Filesize
11KB

MD5
4740bfb9e3dacf4e33f7816c1156c6a0

SHA1
65a4477763fa58d14334773e815c66732087263e

SHA256
cc85e8a5475ed156520dc80bb640dd514eda6c4924f1a382af23f8920f1f75d1

SHA512
552bbbe65cefd6cae85d99f102a991df86abcf8d0203e1f38ba968f0ce2f884d69ac4e383e7e74e3ab82e3842eee64c767c381f4efe3aa11354d28299c2d7059

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\kcwctrl.mfx

Filesize
12KB

MD5
d32d14a0efde04b214a3f7b77df91447

SHA1
3eb08a454f4fa98a68c33b93c1832dbc956f82f2

SHA256
a2b91ba20a6511b6e9ad115f33ddcd0d26841b1bacb047d9309f1b201f1ae9b8

SHA512
459a7b416b1a77b0a1a7cb7c0b1c22932b9cfc5b671fce27d72e4d2e97e469d58cddfe84161965c36af30e7ce4a75acf6bb8b79ed495e3e532d56b7df4cc01d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\stdrt.exe

Filesize
360KB

MD5
4eae30162ed73325ef1f9eaa29630390

SHA1
b308ee771b93e4650f7a58838509bf8e08a32d5b

SHA256
8b82ab3490d096771e0e43a2ec701d078e67a02e6310250110d095c61bcbd9e8

SHA512
c038aa2d3f9f846ac3086c0f9e75048cbb186c7b88d4c6303d5652f36b6bfdc7b9ab401d0065ed0df931fb870cf2c74af486998bb9fdecc9cef7cc8e9e6b8249

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9DF5.tmp\volume.mfx

Filesize
100KB

MD5
32a36b860f9e701c25495b057bde5121

SHA1
a542da49f915ad477f32c233026f95cf6226b96b

SHA256
543610aa1b6d4e25f0d6623b936630778caeecf8232a16a71985c70e1d3a84da

SHA512
7e167b573f06ac476d12bbbdd98efb97b80970a97dd994f228b1465e2e454b39671c98a4ff0517e38b4146c68bfde43602fd61f4939af1beabd48afb9503c8b7

Download Submit
memory/2432-25-0x0000000002310000-0x0000000002329000-memory.dmp

Filesize
100KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads