Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-07-2024 09:58

General

  • Target

    4553748f300676873e21f4f5b1de46e0_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    4553748f300676873e21f4f5b1de46e0

  • SHA1

    d073da1d10a9625ec3c5f2f8b546add37cf15af1

  • SHA256

    9db4e53122eed4bba862ad50550232aff82e8d5de4706da219c4f7404191907a

  • SHA512

    d98354f02e806ada99016aa0bc8ad8b8dc8ed39346e5c3b4ffd9dc2dfc97407db93fd4da2b4d9a525ac02a52c8b2df2a142a83d3fa5b59742c8b5271bd2b2101

  • SSDEEP

    24576:pcs3MKLBDY7Ryy0fNRqTb+UO8lZN899ysIOmQuKa/57HaLtVDpEYfMoR:P1LBUPoj6tv49yL2Pa9SV7p

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 11 IoCs
  • Modifies registry class 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4553748f300676873e21f4f5b1de46e0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4553748f300676873e21f4f5b1de46e0_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4648
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe /i instmsi.msi /qb+
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:944
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MsiExec.exe
        MsiExec.exe /regserver
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:472
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MsiExec.exe
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe /i instmsi.msi /qb+
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • Drops file in System32 directory
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        PID:2612
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3108

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msi.dll

    Filesize

    1.7MB

    MD5

    1fff0ad0e5cbb7f910911b455d651eae

    SHA1

    b657448eb7c2646d124c8c3d5f6a4c4bf36daa54

    SHA256

    9aea91635605c1ed8f57d01030c4b173d7c894d742ac9c5c6784a8e3458f1105

    SHA512

    69d09f8718663f38517e56768e284f8763ce2eb9fc3ce6e91250b209b7d64afa328f0a647891772c11e7bdec82cf679e55a04331cd339ab40b5cc4c89af194bc

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MsiMsg.dll

    Filesize

    679KB

    MD5

    528846710b84cf29b3fbae8b5a12e028

    SHA1

    417e88f96cdb9effefb5ec8be020c36367674e40

    SHA256

    706cc97d4aca7dee485d8de6d5f5e286a513bf11bca11fbf321430de760c7801

    SHA512

    8174b1413b4db9e9347e114d1402aa34a80fcc616cc5c68273f2a36b4b4da21745d4956bf9808bd9516bd0489b8defabcfe0da1f3a82f651d7db495636660353

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\instmsi.msi

    Filesize

    680KB

    MD5

    637320b4d6a81f21edb5f45abd1d02fa

    SHA1

    ea0b4081bcccbf797c32172fafa5bd732b61acec

    SHA256

    34e6013cd82abd7f5fc1879c3f27b10899bdf3833bf93cbb81d3eb72c3c62be3

    SHA512

    662dff4d02ce4feac27cd378728428943a5b7fad30b71a2ffd9f38517b835c05bf48fc4bc59a24ce86a657b2eaf5ce00939ede1e2badbf39c3bb20d4d0d7df39

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiexec.exe

    Filesize

    46KB

    MD5

    4dd11f4fd21897f4629cb6e68b8d8b5b

    SHA1

    60df48206ad37cfacdd91d88d5614a78d7d843d6

    SHA256

    b896a92bfd15a51e3c44e5a9131af437605376357abe44e28d101d35779b58d0

    SHA512

    bfab354421b494fb0ccc3369e25b335d92c74973fd2393df1a1b8e56c547c88e6abf8364e559ff7ca998a13adddf5114638333d3cd0108cf12cee54702dc8d2f

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe

    Filesize

    6KB

    MD5

    7499489b7d11eee16eff127a764a8f28

    SHA1

    341d4e290537932cdeb2f3321f99d18a778220d0

    SHA256

    4bae6fb6d6d4907d259959315f35e74c183f594e6f8145353377eb55162fb004

    SHA512

    e8fdfc6abdc5e6bc26d467eafa71060cb06e4320b79e9ba8f8328c78aa58f5f42389d729b1e5d95454d67958f51d7361aac261e48498a2aeb1f31cb0e6a0caec