Analysis
max time kernel: 110s
max time network: 111s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/07/2024, 20:33
Behavioral task: behavioral1
Sample: 433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe
Size: 212KB
MD5: 433cea8bc34cece132c891010bf96ef7
SHA1: f516fa0e92de8cab74d9a24bb37bfab991ed4dd2
SHA256: f0549dc5ffc5d89866f700a3c53d2dcac948c6149fe96d56129cf9e0fc5b8c85
SHA512: d2053334ecf49c897485152a5ab799a68e7ea7e34b9299742ad936ad44c0b0e03228b2cabf55f58a80d63ef9d5769155055cc0101c90262d1658707437ef35cd
SSDEEP: 6144:jAEkK6rmEnOwO6esxm1XwY7XEjZufoKEy:8T3rnOwO8xm1XPX8qwy
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  2388  Qbejya.exe

YARA rule matches (3 IoCs): the parent's image, the dropped file and the dropped copy's image all match the "upx" rule
  resource                                                                     yara_rule
  behavioral2/memory/2560-0-0x0000000000400000-0x000000000047F000-memory.dmp   upx
  behavioral2/files/0x00070000000234c9-11.dat                                  upx
  behavioral2/memory/2388-14-0x0000000000400000-0x000000000047F000-memory.dmp  upx

Drops file in Windows directory (6 IoCs)
  description                   ioc                                                          Process
  File opened for modification  C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job  433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe
  File created                  C:\Windows\Qbejya.exe                                        433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe
  File opened for modification  C:\Windows\Qbejya.exe                                        433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe
  File created                  C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job  Qbejya.exe
  File opened for modification  C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job  Qbejya.exe
  File created                  C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job  433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe

Program crash (1 IoC)
  pid    pid_target  Process       procid_target
  38832  2388        WerFault.exe  86

Modifies Internet Explorer settings (signature named in the process tree for PID 2388)
  description  ioc                                                                                                        Process
  Key created  \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Microsoft\Internet Explorer\Main      Qbejya.exe

Suspicious behavior: EnumeratesProcesses (53 IoCs)
  pid   Process
  2388  Qbejya.exe   (the same entry is reported 53 times)

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                                             procid_target
  PID 2560 wrote to memory of 2388  2560  433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe  86   (the same entry is reported 3 times)
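The signatures above give three filesystem facts worth carrying into a host sweep: the sample writes a copy of itself to C:\Windows\Qbejya.exe, both the original and the copy write C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (files in %SystemRoot%\Tasks with a .job extension are Task Scheduler 1.0 job records, so this is the persistence mechanism; the report does not show the task's trigger or command), and the "upx" YARA rule matches both memory images and the dropped file. The following Python script is an added example, not part of the sandbox report: it walks a directory tree (a mounted disk image or a copied system drive), flags files at the reported paths or with the reported SHA256, and corroborates the packer hit by reading PE section names. The fixture directory, the fake PE and all file contents are constructed here; only the paths and the hash come from the report.

```python
"""IoC sweep built from the sandbox report above (added example, not part of the report).

Checks a directory tree for:
  * the paths the report shows being created or modified,
  * the sample's SHA256 from the General section,
  * PE files whose section table carries UPX section names, the usual on-disk
    trace behind a YARA "upx" match such as the three reported here.
"""
from __future__ import annotations

import hashlib
import struct
import tempfile
from pathlib import Path

# --- indicators copied from the report ---------------------------------------
IOC_SHA256 = {
    "f0549dc5ffc5d89866f700a3c53d2dcac948c6149fe96d56129cf9e0fc5b8c85":
        "433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe",
}
# Relative to the system drive root, compared case-insensitively (NTFS is case-preserving).
IOC_PATHS = {
    "windows/qbejya.exe",
    "windows/tasks/{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job",
}
UPX_REASON = "UPX section names (corroborates the report's 'upx' YARA hits)"


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names of a PE image, or [] if the bytes are not a PE.

    Walks MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table; every
    offset is bounds-checked so a truncated or malformed file cannot raise.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                   # 20-byte COFF file header
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i                              # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1/...; a renamed packer will not be caught here."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def sweep(root: Path) -> dict[str, list[str]]:
    """Map each flagged file (path relative to root) to the reasons it was flagged."""
    findings: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        reasons = []
        if rel.lower() in IOC_PATHS:
            reasons.append("path matches a file the sample dropped or modified")
        if hashlib.sha256(data).hexdigest() in IOC_SHA256:
            reasons.append("SHA256 matches the analysed sample")
        if looks_upx_packed(data):
            reasons.append(UPX_REASON)
        if reasons:
            findings[rel] = reasons
    return findings


# --- constructed fixture so the sweep runs offline ---------------------------
def fake_pe(section_names: list[str]) -> bytes:
    """Minimal PE32 layout for the parser: DOS header, PE signature, COFF header, zeroed optional header, section table."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0                                                     # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + table


def build_fixture() -> Path:
    """Lay out a fake system drive holding the report's artifact paths plus a benign file (all constructed)."""
    root = Path(tempfile.mkdtemp(prefix="ioc_sweep_"))
    dropped = root / "Windows" / "Qbejya.exe"
    job = root / "Windows" / "Tasks" / "{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job"
    benign = root / "Users" / "Admin" / "notes.txt"
    for p in (dropped, job, benign):
        p.parent.mkdir(parents=True, exist_ok=True)
    dropped.write_bytes(fake_pe(["UPX0", "UPX1", ".rsrc"]))   # stand-in PE, not the real sample
    job.write_bytes(b"\0" * 64)                                # placeholder bytes, not a real .job record
    benign.write_bytes(b"nothing to see\n")
    return root


if __name__ == "__main__":
    for rel, why in sweep(build_fixture()).items():
        print(rel, "->", "; ".join(why))
```

Run against a real drive by passing its root to sweep(); the hash check only fires on an identical copy of the sample, while the path and UPX checks survive recompilation, so treat a UPX hit on a file under C:\Windows that is not part of the OS image as a lead, not a verdict.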
Processes
C:\Users\Admin\AppData\Local\Temp\433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\433cea8bc34cece132c891010bf96ef7_JaffaCakes118.exe"
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID: 2560
    C:\Windows\Qbejya.exe
      command line: C:\Windows\Qbejya.exe
      - Executes dropped EXE
      - Drops file in Windows directory
      - Modifies Internet Explorer settings
      - Suspicious behavior: EnumeratesProcesses
      PID: 2388
        C:\Windows\SysWOW64\WerFault.exe
          command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 564
          - Program crash
          PID: 38832

C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2388 -ip 2388
  PID: 44056
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 212KB
MD5: 433cea8bc34cece132c891010bf96ef7
SHA1: f516fa0e92de8cab74d9a24bb37bfab991ed4dd2
SHA256: f0549dc5ffc5d89866f700a3c53d2dcac948c6149fe96d56129cf9e0fc5b8c85
SHA512: d2053334ecf49c897485152a5ab799a68e7ea7e34b9299742ad936ad44c0b0e03228b2cabf55f58a80d63ef9d5769155055cc0101c90262d1658707437ef35cd

Filesize: 390B
MD5: ed40d946774d76a39251fcbe47152274
SHA1: cedfb02ce02fbd961855454e3b8021b989b62ed8
SHA256: dcc24a71bce6c1d0412cacb0783d17375399140bf211f85c3c5fd42c7c0202a9
SHA512: ffc969eaf27873da1ec58dd1619ceadcdee0505a1721d06a9559f6b49814928cdcba8292b87854ca16b652400874ea3bc8be25c5584bc262f4fe617f0f9de84a