Analysis

  • max time kernel
    149s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-07-2024 07:35

General

  • Target

    4d5b1ca0fb75751024ad6f9f8fb9a72c_JaffaCakes118.exe

  • Size

    124KB

  • MD5

    4d5b1ca0fb75751024ad6f9f8fb9a72c

  • SHA1

    0b70c1bd46e6eb773e47421861a69a8158703b8c

  • SHA256

    cdd9e6c99cf6dcd2d7f2e70535df94d9f472117754e4ec99196cfcb949cd3114

  • SHA512

    00ff9b2291c4e781e486c4f40f6285f5b6357489c431bafd8d451bf756996672d6149335105154e8f1edd7b531f37e98e64a3bbc083bb4817af53f48b050e54c

  • SSDEEP

    1536:VjtkjtTQPgU0GgAJa0P1kNmKldCMhdu8KWP/nTn8nBP9VewNeG0h/l:HkjyIU0GgAT98t

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d5b1ca0fb75751024ad6f9f8fb9a72c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4d5b1ca0fb75751024ad6f9f8fb9a72c_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Users\Admin\zeodaad.exe
      "C:\Users\Admin\zeodaad.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2684

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\zeodaad.exe

    Filesize

    124KB

    MD5

    c849254f86cb6e9e91fa2efd6ce9ed79

    SHA1

    215cc223892033493b541527db162f6178aa1876

    SHA256

    63fe7b93c51ce9ff344946e4bc4c4fdd4b3cd45a0be23d0d3053b3eb975b8638

    SHA512

    14928c6e3c2f3e0eddf84a93899469b0bb42a24c9d8f771fbdc77dfb731590bc7f8c8c17a082ac8974f32b2c4ca2db48dc8fd20a1301e92b9a10a58f844dbbf7