Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-07-2024 12:01

General

  • Target

    6326eaf317df4dd91dec74aa6cd35cd0_JaffaCakes118.exe

  • Size

    156KB

  • MD5

    6326eaf317df4dd91dec74aa6cd35cd0

  • SHA1

    0ea662a07b7590b3ae82381e93a4829b5aff40cc

  • SHA256

    8c08d2f5f022dffa781517187ebec4f415b1eaa1431298931275f210073e74fa

  • SHA512

    33987c47223e963beff062280c724178d96e6fa9f18911659de52cb02907eca56ab453465b6a636fa8ec01566b464da2993313430a01567d0acd63cf4d6ec1f6

  • SSDEEP

    3072:ZANPhL3isZtSxch3Z1C5GbWyleXkbxy6cuH8Al4oQZiEC/:2Ph2sZ5b1OGbU0NBzXW4

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6326eaf317df4dd91dec74aa6cd35cd0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6326eaf317df4dd91dec74aa6cd35cd0_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Users\Admin\pioicu.exe
      "C:\Users\Admin\pioicu.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:632

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\pioicu.exe

    Filesize

    156KB

    MD5

    2c03fc6dc0db3238af2fd25467120490

    SHA1

    7caf79cc43f516068c27caf0409dc8f4ffced733

    SHA256

    637e836152a32001d6e3ac9058e5390cdbfea8fa8e79ee51b35e60afef854cd5

    SHA512

    b8e093b12e7a25ba914727ca7611f44c3820e149eacdbfd78d583b547e8e56f7f0b6702eef7278593d18e8db3c9f74adfd567d20d5419628c94935a994980f72