Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/07/2024, 01:01

General

  • Target

    6228000c2488d7dd89970ecd6d0b9ff8_JaffaCakes118.exe

  • Size

    209KB

  • MD5

    6228000c2488d7dd89970ecd6d0b9ff8

  • SHA1

    4b027947798ae6a5cc4b777cf3917c1ba0a3c330

  • SHA256

    ac4a3e618c040ac02d28fdef462bc0d1fcf78467f622ca6fb7c49f23a5124733

  • SHA512

    bb057f0598db346fa86d55cdcae6b64320c4dd286f54de6d6566198b7a89b74b236ef93deb2af749538a14fd94fe9856e94be7ac850515800fcebe6a5fdd57f3

  • SSDEEP

    1536:kwQBHvoYUWjzlZLXf4QJpUT0mSBAgapetc8o/Kdgo5QGuG3g7/:kBlvaWjzrLXQQJKgmSBAVpet2Ago5lu

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6228000c2488d7dd89970ecd6d0b9ff8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6228000c2488d7dd89970ecd6d0b9ff8_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Program Files (x86)\7df4d4c\jusched.exe
      "C:\Program Files (x86)\7df4d4c\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:2124

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files (x86)\7df4d4c\7df4d4c

    Filesize

    17B

    MD5

    2130fee70fc3f7c10d5279f96f98ad1e

    SHA1

    4307cef89171fa230048ea22546802198d888780

    SHA256

    3506e286f6223ccaf1665d4e457b712abeb527266ff28327ce60e37b9fbeb404

    SHA512

    67fa1bb31028ff3ba125f184207499b9205f58c9eef2ac948f5824475515c396b3d5f93e207cb96deffe1aedb286b1f935cc689c5d84449e51c517da1cffe2e5

  • \Program Files (x86)\7df4d4c\jusched.exe

    Filesize

    209KB

    MD5

    9e745ae7607d66043992c0912daaebdf

    SHA1

    6a7c4befd05144e762a268fc64ecd520b011646c

    SHA256

    7d71154e974e99a4300f7399abe7e4dfdb69ab476ee5e9f5f09eaf03053217b6

    SHA512

    ebec5bb47c7bc0c7c54593c09d1c0175ad7f438d2de8e49a3fc67e6ee69fd6bfb8f93ed0708ea8ae899925d7f22da6c8883456084356f6ca18657221ef272aab