Analysis

  • max time kernel
    149s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/07/2024, 21:05

General

  • Target

    4356e298c6d4504e5c773aa34e51b71c_JaffaCakes118.exe

  • Size

    88KB

  • MD5

    4356e298c6d4504e5c773aa34e51b71c

  • SHA1

    a7aed129acf3b21115ac0224fbaadfaaa55904b9

  • SHA256

    ceba2fbdb23ab50da06c03d53b10b9daad057eaa102519de6fd0ad5d34f6c44c

  • SHA512

    805b80bf62157e7236754480f8325df2748e693b3c1779c6d92f76728412de1a010cb9eff9395ef5d01bff51afe925da200a26f76adb8aba2b8ce204459e374f

  • SSDEEP

    1536:2gH4KSpy8tXG06YpqdXTsYJ/F+FBFIFGFYF7DUZxTZCra:LSs0G0mZLm

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4356e298c6d4504e5c773aa34e51b71c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4356e298c6d4504e5c773aa34e51b71c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2640
    • C:\Users\Admin\zeagook.exe
      "C:\Users\Admin\zeagook.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2788

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\zeagook.exe

    Filesize

    88KB

    MD5

    06ebd4c0f0363e34b883f7148c580624

    SHA1

    f603e734c8bd056225bd73eb1fc213b6d597da1d

    SHA256

    514618525b04d23be523f9acfab5cf7dccd84f1f395a0acf00870e295849365e

    SHA512

    88fd10ef0fbe11339a6a5261e5d89daf2ee8ac19b23ba6841092ff94c464b5b2f35d82e87160818695953c8ac8249f9bed3c6eb79fc137ec052e5a6f1424d078