Overview

overview

10

Static

static

3

4d88fa3ed5...18.exe

windows7-x64

10

4d88fa3ed5...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/07/2024, 08:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4d88fa3ed51abca27315e99cd38119f1_JaffaCakes118.exe

  • Size

    90KB

  • MD5

    4d88fa3ed51abca27315e99cd38119f1

  • SHA1

    27039a7651a65025202578d315dd50daa170a4ac

  • SHA256

    47b093f5c08c63716909e749104862e520692127b88df5e56f9674d400e0020f

  • SHA512

    6d9eb6d12c8b157a5de160e80abb06b635eb0d6812f2747c84f9982167786b80bdce5e9ce85d96f5d78f64c7297e7c97dcc7d28b9b8253d5ad5abc595156f538

  • SSDEEP

    1536:mSF1TghnhDfudojXMZeXR7k35e1oqkZ/tmiijP0e21cJdQIkhVRI5fy9p:ChjuObMEXRk3Q1oL4rcSJkhVRI5a

Score
10/10
evasiontrojan

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • Looks for VMWare Tools registry key 2 TTPs 2 IoCs
    evasion
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Windows security modification 2 TTPs 5 IoCs
    evasiontrojan
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d88fa3ed51abca27315e99cd38119f1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4d88fa3ed51abca27315e99cd38119f1_JaffaCakes118.exe"
    1⤵
    • Looks for VMWare Tools registry key
    • Drops file in Windows directory
    • Modifies registry class
    PID:4604
  • C:\Windows\services.exe
    "C:\Windows\services.exe"
    1⤵
    • Modifies security service
    • Windows security bypass
    • Looks for VMWare Tools registry key
    • Deletes itself
    • Executes dropped EXE
    • Windows security modification
    • Modifies registry class
    PID:2828

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\services.exe
          Filesize

          90KB

          MD5

          4d88fa3ed51abca27315e99cd38119f1

          SHA1

          27039a7651a65025202578d315dd50daa170a4ac

          SHA256

          47b093f5c08c63716909e749104862e520692127b88df5e56f9674d400e0020f

          SHA512

          6d9eb6d12c8b157a5de160e80abb06b635eb0d6812f2747c84f9982167786b80bdce5e9ce85d96f5d78f64c7297e7c97dcc7d28b9b8253d5ad5abc595156f538

          Download Submit

        • memory/2828-12-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-15-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-6-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-7-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-8-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-9-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-5-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-13-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-10-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-14-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-19-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-16-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-17-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/2828-18-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download

        • memory/4604-4-0x0000000000400000-0x0000000000487000-memory.dmp

          Filesize

          540KB

          Download