b7ecafb7dda427f875b8ba91ae994ec31c51a7791b43d379022a4e84a1c7c8d0

Analysis

max time kernel
150s
max time network
140s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe
Size

288KB
MD5

4c73a362d01c53ee3960daf4cc9d81b9
SHA1

6248f2b0bdcfbaf123237ff282c744362fca5395
SHA256

b7ecafb7dda427f875b8ba91ae994ec31c51a7791b43d379022a4e84a1c7c8d0
SHA512

c180d6498f29728bf34e43b384b91e0fc91e16b3fad9ba02f90076ed1c256ef2ef9b73fc23b1d86b8c052de1599047b20b3c22f2264fa24b929894b82008a3fd
SSDEEP

6144:RWx4PhJ8zmGoxDCVhFP1WAY/AGk2TMeUA:Rp/5CTFWTMeP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2204	Audio.exe

Loads dropped DLL 3 IoCs

pid	Process
2840	4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe
2204	Audio.exe
2204	Audio.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\ATI Technologies\Audio.exe	4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe
File created	C:\Program Files\ATI Technologies\SetupEngine.dll	4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2840	4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2204	Audio.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2204	Audio.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2840	4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2204	2840	4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe	30
PID 2840 wrote to memory of 2204	2840	4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe	30
PID 2840 wrote to memory of 2204	2840	4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe	30
PID 2840 wrote to memory of 2204	2840	4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe	30
PID 2840 wrote to memory of 2204	2840	4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe	30
PID 2840 wrote to memory of 2204	2840	4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe	30
PID 2840 wrote to memory of 2204	2840	4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4c73a362d01c53ee3960daf4cc9d81b9_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files\ATI Technologies\Audio.exe
  "C:\Program Files\ATI Technologies\Audio.exe" fuck007
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ATI Technologies\SetupEngine.dll

Filesize
1.5MB

MD5
5a184689752caa44322de602a642498e

SHA1
30056fa8c405e13086c7823f00c6a4715a5b84b2

SHA256
77de2f4e6ea122fe9121bc8f271d2edeab8f86ed890c40129bc4e4a251aab857

SHA512
5f078b012b8395735a5ddc58082365d7614a5ea7faa651d8356789b4ba5bf92d48a76a23cbaa54340bef44239bf9323a65d505d293c53baca968d557112ba55c

Download Submit
\Program Files\ATI Technologies\Audio.exe

Filesize
76KB

MD5
7693d8764389bc346f801cc2262a01d6

SHA1
057239cca9858ea8f9bf6879ae2d445cd26f4c8a

SHA256
b31401b74c038bccd74aed03f8c7879c053c975905883dff040f5642abd118ae

SHA512
68f2f8d1279ea8e712ddb794f4c3d4281e5e6f9e21845323c27799d0659631a657f0c646abfc9500fdd7a15d9feb3600e95452dde1ef86d6d49d100bcb868069

Download Submit