Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
25/07/2024, 20:44
General
-
Target
712a8410eaaded45fe2c0520c3be6862_JaffaCakes118.exe
-
Size
94KB
-
MD5
712a8410eaaded45fe2c0520c3be6862
-
SHA1
02001f0122c72be8cb89022f659fd3d902201ed6
-
SHA256
6537f5c437525c989131cd29f1279b89519d22f6e5425eed03ece1570da63f15
-
SHA512
57e64a9fa27ccb524783172470c42c21262c5df7267666842f20a779360d861dc6166ebffa0503e1e3b2033340572104835205476345a1315c1dd5f0924fbc6b
-
SSDEEP
1536:7xdfvoglDRkdLBiZChfjAzik8h27chGPE1xIaiCOmaxhm+Gie7lYRq+hoEEJQ5Gb:7rfvo2FGLoWAztv7cEPEP9iCO9xhm+GZ
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
Drops file in Program Files directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\712a8410eaaded45fe2c0520c3be6862_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\712a8410eaaded45fe2c0520c3be6862_JaffaCakes118.exe"1⤵
- Modifies WinLogon for persistence
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$c9904.tmp.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Windows Media Player\svchost.exe"C:\Program Files\Windows Media Player\svchost.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
94KB
MD5712a8410eaaded45fe2c0520c3be6862
SHA102001f0122c72be8cb89022f659fd3d902201ed6
SHA2566537f5c437525c989131cd29f1279b89519d22f6e5425eed03ece1570da63f15
SHA51257e64a9fa27ccb524783172470c42c21262c5df7267666842f20a779360d861dc6166ebffa0503e1e3b2033340572104835205476345a1315c1dd5f0924fbc6b
-
Filesize
261B
MD5f94841c1ddeac11c79fdf6aeb165c121
SHA1fe615ee260aea6cd72fc601c9e1b98037d76320e
SHA256e8fa0df2a59217d0375ecafdb1ee003ae38c7c26d14aa2c703d332f73ff393d9
SHA512ae85443ad187369ce3065b9789b9fa61fc50d2a1cf6beb415d88d54a0e7cacaebd9a37d7c55bcb3c9bd06d43bbd6e38ef59620113602334f764dddbe61377a58
-
Filesize
136KB
MD58094a47d7aa849d45c2f90fd4d2b4d41
SHA150fe4a5663c15e6d41c49d0a5adc1c5ab4e7eb87
SHA2569db34dc09856f80ed7b07631979b01507dc307fcb6bd4a9ca1d7662880946edb
SHA51258c441ec4e0e126594dd17397c04602c0dcb0198920487434b5da4f924cd2bf22b56e4e85a7aadb5d3502b053da539a65aa9b6ea116e17f5a8eb7c792c8d5b93
-
Filesize
300KB
-
Filesize
128KB
-
Filesize
300KB
-
Filesize
300KB
-
Filesize
232KB
-
Filesize
128KB
-
Filesize
300KB
-
Filesize
232KB