Overview

overview

8

Static

static

3

8d516b88a1...18.exe

windows7-x64

8

8d516b88a1...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12-08-2024 04:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d516b88a13c5185eaf68d9d8e35f83e_JaffaCakes118.exe

  • Size

    76KB

  • MD5

    8d516b88a13c5185eaf68d9d8e35f83e

  • SHA1

    02b2b0552a69831dfe4a89f32851bba64cb490ec

  • SHA256

    437c55b16ad3204d7b21bc391c10fd9e90863fa90f0e674bc2fb087d2c04efe8

  • SHA512

    f960462303cbaeb8238eeb6e29becd9526a309e07c200c0a149f1dab21daca6012cca140005b4721fbd7333367474ae20150b80ddc3a04ed02304ac061645bfe

  • SSDEEP

    1536:xIvPq/rk/lz555UEiUTwtUGaP7uKyYfN/ILqFHDN/c:xCP59z3yEpGazuEVJHJE

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 54 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 48 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Runs ping.exe 1 TTPs 48 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d516b88a13c5185eaf68d9d8e35f83e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8d516b88a13c5185eaf68d9d8e35f83e_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Windows\system32\mywcc080513.dll bgdll
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2796
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\downf.bat" "
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Windows\SysWOW64\myhhcc080513.exe
          "C:\Windows\system32\myhhcc080513.exe" i
          4⤵
          • Adds policy Run key to start application
          • Executes dropped EXE
          • Drops file in System32 directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2604
          • C:\program files\internet explorer\iexplore.exe
            "C:\program files\internet explorer\iexplore.exe"
            5⤵
              PID:3056
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\System32\cmd.exe" /c "c:\nmDelm.bat"
              5⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:2912
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2028
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2008
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2976
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2356
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2396
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2736
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2928
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2600
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1964
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2480
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2112
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:776
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:664
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2124
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2260
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2400
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2216
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2456
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:928
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1744
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2420
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1720
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:308
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2520
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1628
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:3000
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1240
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1736
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:3020
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1584
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2704
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2972
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2960
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2368
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1208
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2676
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2580
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:992
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1076
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1644
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2988
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2252
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1932
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2736
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:3064
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2152
              • C:\Windows\SysWOW64\PING.EXE
                ping 127.0.0.1
                6⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:1964
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c "c:\nmDelm.bat"
        2⤵
        • Deletes itself
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2676
        • C:\Windows\SysWOW64\PING.EXE
          ping 127.0.0.1
          3⤵
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2724

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\myhhcc080513.exe
      Filesize

      76KB

      MD5

      8d516b88a13c5185eaf68d9d8e35f83e

      SHA1

      02b2b0552a69831dfe4a89f32851bba64cb490ec

      SHA256

      437c55b16ad3204d7b21bc391c10fd9e90863fa90f0e674bc2fb087d2c04efe8

      SHA512

      f960462303cbaeb8238eeb6e29becd9526a309e07c200c0a149f1dab21daca6012cca140005b4721fbd7333367474ae20150b80ddc3a04ed02304ac061645bfe

      Download Submit

    • C:\Windows\SysWOW64\mywcc080513.dll
      Filesize

      27KB

      MD5

      06a451ccae696f33f2317b2fa2a4ee5c

      SHA1

      6da33d5542306527f6bd64e6834f85ea96a8ad03

      SHA256

      93bb9f7b92671bedcc25422312dcaee96977272e4eaddaa0165afcdeef5c777c

      SHA512

      fdb097cb1b188ab465edcdb50172cb612946db1adb4c8e70d422df5832ece984d7a2e3de0354d9e39d283510901efdb8782028573880812545a11bf4262f3094

      Download Submit

    • C:\Windows\cc16.ini
      Filesize

      149B

      MD5

      f50b1895e8b022f8246df22155144aaf

      SHA1

      f6e9318a16a16138f54e25ca5d4af0d7b67fcf7d

      SHA256

      ee8ff07eab4a4b5ea967762194c737caf7618d91cdffa99f35d3e2cd89025b90

      SHA512

      3a8c4cd72ac431f084fac134f5dd82bf996eed17402c661e69d9f23b48080f579334b4e6e41c91a482d54adc82c7918921e0b51a72d20dc54b5dcfd005ac2ee9

      Download Submit

    • C:\Windows\cc16.ini
      Filesize

      189B

      MD5

      8ac1a254adab3e167db79c7c8deeac14

      SHA1

      0b4dea33744726c43f4832b95a12ada1f0fa820a

      SHA256

      e581673347ebc4fb3b51c05280f7a79bff1d8e265cc6c0ccb9e91bb7c07a91bd

      SHA512

      820e137bd6949e74da2fa8703fef339002fd794a3cfde02e6465229b3c751e134376c03c6ad31350f45589f6ee3fd91691b6072aaed4ced6a0aa672a7fbdb92c

      Download Submit

    • C:\downf.bat
      Filesize

      50B

      MD5

      21e1cd421aebee2c6d8629f28a3d5e3c

      SHA1

      50927f5e5b69513d53f1c479c0b713f5d5e134e9

      SHA256

      3414a087b7c86799a143faf9c5342a54573a89e51de6803f915bb8a17a46d775

      SHA512

      d1e05f18d19a8322680ad2b3bafab4ba4fe4c0e11d3b2df1224c6d150203f0c9fc7f86491fc523de1720de6f0506de9743e0107ff17746a3c4dc916ba841036a

      Download Submit

    • \??\c:\nmDelm.bat
      Filesize

      233B

      MD5

      beb4349a4c174b14db0633c6297146b9

      SHA1

      25c8bea127d2b152600bcf30ed17f342dc1ceec5

      SHA256

      6c15c423c14c6c6be09c2fa753b9092234fa9aba746c799966de6156b9db30f0

      SHA512

      b6c539c7ff0ddff4c343eaa82658ac81d36323e60ccee807f812efae31f3d3879570043143d72b8832b6cea1bd19102d6d9e4fca7257c16d7a1a7a2dca9221a9

      Download Submit

    • \??\c:\nmDelm.bat
      Filesize

      137B

      MD5

      69fbdb93c32ac26f2440381eb78ca8ca

      SHA1

      6a6c2bfb0b6737abfe0d126554b0a6c9fe6f99a0

      SHA256

      656685bf5598ede2ac2c48dca16f41cdd871bcd695ff571ed6da925e9ead8bc1

      SHA512

      0197ec63c5416fd86254059f06545b4650d27fd1e28fd1e955a83f2f1c11cf05427a11ef30ec94382204f17fc46e087c07e011f1f5bbd5c91cd2b6c8dea9fcb1

      Download Submit

    • memory/2796-19-0x0000000000170000-0x000000000017D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/2796-40-0x0000000000170000-0x000000000017D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/2796-41-0x0000000000170000-0x000000000017D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/2796-46-0x0000000000170000-0x000000000017D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/2796-52-0x0000000000170000-0x000000000017D000-memory.dmp

      Filesize

      52KB

      Download