62de229787a2daca9d16ea3d53a2601cd30e8c868050f0cb64f7bd4e48b53130

Analysis

max time kernel
140s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87cf4b829639ea66dfaffc7aeab210da_JaffaCakes118.exe
Size

691KB
MD5

87cf4b829639ea66dfaffc7aeab210da
SHA1

36207a964154f4c9f3a85180acf007e3a0429637
SHA256

62de229787a2daca9d16ea3d53a2601cd30e8c868050f0cb64f7bd4e48b53130
SHA512

027ef5d2664f75022e81f9e7fbf98d832cb19a03bc4ba9f23e5f866d38a80c0e8b8b629f10048d5de5619af2e93732be466fc6c03f575b5073a79e4122a92f60
SSDEEP

12288:KRxN0vaKaKsI2Azlklp7wsmk2r/Bszy9xXF3Z4mxxOIScEVnWIgmJ6CcjN:45KFsFVCr/UgRQmX1EWzmJ6t

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1336	5.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	87cf4b829639ea66dfaffc7aeab210da_JaffaCakes118.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\C:\Windows\3600tray.exe	5.exe
File opened for modification	C:\Windows\C:\Windows\3600tray.exe	5.exe
File created	C:\Windows\uninstal.BAT	5.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	87cf4b829639ea66dfaffc7aeab210da_JaffaCakes118.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Windows\C:\Windows\3600tray.exe	5.exe
File opened for modification	C:\Windows\C:\Windows\3600tray.exe	5.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 1336	2968	87cf4b829639ea66dfaffc7aeab210da_JaffaCakes118.exe	84
PID 2968 wrote to memory of 1336	2968	87cf4b829639ea66dfaffc7aeab210da_JaffaCakes118.exe	84
PID 2968 wrote to memory of 1336	2968	87cf4b829639ea66dfaffc7aeab210da_JaffaCakes118.exe	84
PID 1336 wrote to memory of 4360	1336	5.exe	88
PID 1336 wrote to memory of 4360	1336	5.exe	88
PID 1336 wrote to memory of 4360	1336	5.exe	88

C:\Users\Admin\AppData\Local\Temp\87cf4b829639ea66dfaffc7aeab210da_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\87cf4b829639ea66dfaffc7aeab210da_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious use of WriteProcessMemory
  PID:1336
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.BAT
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe

Filesize
792KB

MD5
9e0671568f3f6a465603634c4484abd3

SHA1
a027bb37744e19304e8c7132db469e742d4c43c7

SHA256
038f7ea22015a807c5e6fe69f57f55e8fe08569c31387e5ce32699c93dd3b225

SHA512
3035130c24675ee884bbdaf31c7eab61711e2ddfa6713734a856f3d24e4ea9d2ec1fc4fd8732f1f75357ae8410b371c2aaf269db98086a12207b73f833289d06

Download Submit
C:\Windows\uninstal.BAT

Filesize
150B

MD5
5ce77c1059bc43f20a619ff52fb80e4e

SHA1
531bf89d9330ef5f2af67bebb75cb27e3f92f03e

SHA256
773ea78adb1df00ad3d56bd62dee9f1c067221cacdd60f8adb260fdbf7af6051

SHA512
9d4c0013fe755398d8d66c2412fbe28be83a3866173f23b0f9ad36adf88aa4f62916c02b64fb985a2f11e8404c3ddf46ebee1f81b2cafdf215aa10cf6af5060f

Download Submit
memory/1336-90-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/2968-0-0x0000000001000000-0x0000000001112000-memory.dmp

Filesize
1.1MB

Download
memory/2968-1-0x0000000000640000-0x0000000000694000-memory.dmp

Filesize
336KB

Download
memory/2968-4-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2968-9-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-23-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-82-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-81-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-11-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-80-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-79-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-78-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-77-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-76-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-75-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-74-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-73-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-72-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-71-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-70-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-69-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-68-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-67-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-66-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-64-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-63-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-62-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-65-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-61-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-60-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-58-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-59-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-57-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-55-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-56-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-54-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-53-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-51-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-52-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-48-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-49-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-50-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-47-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-46-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-45-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-44-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-43-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-42-0x0000000000D90000-0x0000000000D91000-memory.dmp

Filesize
4KB

Download
memory/2968-41-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/2968-40-0x0000000000D40000-0x0000000000D41000-memory.dmp

Filesize
4KB

Download
memory/2968-39-0x0000000000D60000-0x0000000000D61000-memory.dmp

Filesize
4KB

Download
memory/2968-38-0x0000000000D80000-0x0000000000D81000-memory.dmp

Filesize
4KB

Download
memory/2968-37-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-36-0x0000000000C90000-0x0000000000C91000-memory.dmp

Filesize
4KB

Download
memory/2968-35-0x0000000000D10000-0x0000000000D11000-memory.dmp

Filesize
4KB

Download
memory/2968-34-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

Filesize
4KB

Download
memory/2968-33-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

Filesize
4KB

Download
memory/2968-32-0x0000000000C70000-0x0000000000C71000-memory.dmp

Filesize
4KB

Download
memory/2968-31-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/2968-30-0x0000000000D00000-0x0000000000D01000-memory.dmp

Filesize
4KB

Download
memory/2968-29-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

Filesize
4KB

Download
memory/2968-28-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

Filesize
4KB

Download
memory/2968-27-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-26-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-25-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2968-24-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-22-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-21-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-20-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-19-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-18-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-17-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-16-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-15-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-14-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-13-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-8-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2968-12-0x0000000000C50000-0x0000000000C51000-memory.dmp

Filesize
4KB

Download
memory/2968-10-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/2968-7-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/2968-6-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2968-5-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/2968-2-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2968-3-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2968-91-0x0000000001000000-0x0000000001112000-memory.dmp

Filesize
1.1MB

Download
memory/2968-92-0x0000000000640000-0x0000000000694000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads