Analysis

  • max time kernel
    150s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/07/2024, 15:59

General

  • Target

    425f72158bda718b26ed42540cb95940_JaffaCakes118.exe

  • Size

    108KB

  • MD5

    425f72158bda718b26ed42540cb95940

  • SHA1

    370a373abaedcbb2c15356fa03c702f9cb73816d

  • SHA256

    169afdea70d6efac4db5527c5d8ce0a7b0f13625a3ee76b6ef5ed91cb2a53f23

  • SHA512

    6b356710937e267d7ca19c98478ff773b41fab54e391ed5f4f35d401a938e7c0f063c27c93de40dff3681fc92b6147b2e1d770d0c289fd8cd91a5a4fa82a336f

  • SSDEEP

    3072:2O7cGpEZWfDE2rJTtbo41/SAdonsJxEX8aBk:2O7JpEZW/rjB1qqjJxEXy

Score
8/10

Malware Config

Signatures

  • Server Software Component: Terminal Services DLL (1 TTPs, 1 IoCs)
  • Deletes itself (1 IoCs)
  • Loads dropped DLL (1 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\425f72158bda718b26ed42540cb95940_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\425f72158bda718b26ed42540cb95940_JaffaCakes118.exe"
    • Server Software Component: Terminal Services DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:4972
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    • Deletes itself
    • Loads dropped DLL
    PID:2972

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Local User\kshack.dll

          Filesize

          96KB

          MD5

          3c1296a340ae78140a0691f4f56f93f6

          SHA1

          a32dd50e12d454a35ad25911620fd1d04be3fc62

          SHA256

          d1103324494d12fbee1ab955656424077944aa0fe15a5675b98c9a51b6520a09

          SHA512

          32b17a2944473ab9d43a5ae604597759f91732eac5bd527a1121e2ba9b0cbdce7f93adc3421388b2e7193ab376ce41532ff604b5c92bcad688baa95dbcbc681e

        • memory/2972-5-0x0000000010000000-0x000000001001C000-memory.dmp

          Filesize

          112KB

        • memory/4972-0-0x0000000000400000-0x000000000041E000-memory.dmp

          Filesize

          120KB

        • memory/4972-4-0x0000000000400000-0x000000000041E000-memory.dmp

          Filesize

          120KB