Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 16:58

General

  • Target

    46b5485a2badc8a8d49962aef23ebf61_JaffaCakes118.exe

  • Size

    176KB

  • MD5

    46b5485a2badc8a8d49962aef23ebf61

  • SHA1

    8cc9bd937b036fc5fe270c81433e55b9906e2c07

  • SHA256

    9a45b9d9372c94699693d5798b357311e6bc648e8a7d9ce2ea094caf22c02af1

  • SHA512

    1ccb2d54c787a39bb275a4ce9c8d498646c724fb7a2f6ba27e2d32bf54238432e247b55d0ff0ee9169f683d43fda8b8de1f7932fe28c313746657ab5172728cc

  • SSDEEP

    1536:q9BkKaEKrGayc7nRobksF//gYWftTV/b6GZIhdf96K0USn:weKaRrGar7nRobksF/oY4V/b6GZG6K0

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46b5485a2badc8a8d49962aef23ebf61_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\46b5485a2badc8a8d49962aef23ebf61_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Users\Admin\xyvun.exe
      "C:\Users\Admin\xyvun.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\xyvun.exe

    Filesize

    176KB

    MD5

    068a972af9e1e5401c78b8de8fdae6c3

    SHA1

    a97ff3fa7ae87cd2ddcc49db9835d206d176d59c

    SHA256

    f8f6434c5b7112cf33ff06f79335578b537e1009d51482b2b2eceb828765b82d

    SHA512

    1d5ddc743d6fa83b6eb617eb41f2fc168ac55cd82fea7b1ded4735d1586dd46206c6e0790b75cf3fc6b09b835cf0b36b6d117f3ae1aac61e5ad8cb423762c6c1