Overview

overview

10

Static

static

3

3e78a8d266...18.exe

windows7-x64

10

3e78a8d266...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e78a8d2667bf948082f7f6cad2c82f1_JaffaCakes118.exe

  • Size

    109KB

  • MD5

    3e78a8d2667bf948082f7f6cad2c82f1

  • SHA1

    627145099b8edbd8bebc33ffb0871e0104d5b9a3

  • SHA256

    f712333bbc8b4c99b18a02aa2b4318bbf245d1f69c915f6470264a5c38d508c2

  • SHA512

    6f9173a73c4fc8845c2eec2f90731b1f2977e10fa719d914dbe39ba536e9e1b7b77c31b8978d84954205bc71a1591732cb8d74e27e41c95fd0e30b6bbd65f45f

  • SSDEEP

    1536:Rnqtu3abBGy3G8V0iuoKWGq6KfFkWGq6cjTA:RqRMPsKWGqFdkWGqzjTA

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 2 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 6 IoCs
  • Drops file in Program Files directory 27 IoCs
  • Modifies registry class 36 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e78a8d2667bf948082f7f6cad2c82f1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3e78a8d2667bf948082f7f6cad2c82f1_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Modifies visiblity of hidden/system files in Explorer
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Users\Admin\AppData\Local\Temp\3e78a8d2667bf948082f7f6cad2c82f1_JaffaCakes118.exe 
      C:\Users\Admin\AppData\Local\Temp\3e78a8d2667bf948082f7f6cad2c82f1_JaffaCakes118.exe 
      2⤵
      • Executes dropped EXE
      PID:2660
    • \??\c:\Documents and Settings\Admin\Application Data\Microsoft\asct.exe
      "c:\Documents and Settings\Admin\Application Data\Microsoft\asct.exe" 3e78a8d2667bf948082f7f6cad2c82f1_JaffaCakes118
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3e78a8d2667bf948082f7f6cad2c82f1_JaffaCakes118.exe 
    Filesize

    27KB

    MD5

    9dbb82fb602aa42b131c55c5d136dc9c

    SHA1

    4f6d5c48f68b4a94b08960788b4660b8f6cf318d

    SHA256

    ca656fda1f8fea01307a97156e105792a40eb2e1968c057643f4bb21e81738df

    SHA512

    b1f5c52b7e7590625161bbe2f53dfd95bed88ab37b5ae31736c087f61e3b6a449bd782a18f028d869ac2dd9052f4d16254d89f746040f02f1608b5e5cad61328

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\asct.exe
    Filesize

    82KB

    MD5

    785fa3efe7c6b97ccc072889e80395c4

    SHA1

    bebc636bc298cb0173ff23c07a232043fa1a6874

    SHA256

    8f23b9e5907cdb872898aa837b651c1d4ce8164f281b5aabbac6d79b3a228e23

    SHA512

    b62a72ce397c433d3140d2b9fd25a9869bf75b4cb42c7a4acea1ef8fe5928aac2d221cf9e2ce4b66ab4a84b61d872ff0d493f83a6c44771f1600951a5d04b94f

    Download Submit

  • \??\c:\windows\SysWOW64\Windows 3D.scr
    Filesize

    82KB

    MD5

    23f57851437bb2f7335ad3aad7461563

    SHA1

    313368b3bbf0c4c40cab94cc18ed14c62c0e7d18

    SHA256

    cf505b08b553ed98e7e34a0e03ffca42f62912942d995f15972e1e51faa513f6

    SHA512

    5d34d4319f432d86627fc91c1addef99714002a35fc9690eedc385e1f5c9dff5ba5b289059755fc9e70d367bd587b041b592e5da4ace7f5de8d7a7a26f1d7dad

    Download Submit

  • \??\c:\windows\SysWOW64\maxtrox.txt
    Filesize

    8B

    MD5

    24865ca220aa1936cbac0a57685217c5

    SHA1

    37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

    SHA256

    841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

    SHA512

    c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

    Download Submit