Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
12/08/2024, 13:17
General
-
Target
8edf14743d9aad6c902495b146eec0cc_JaffaCakes118.exe
-
Size
2.7MB
-
MD5
8edf14743d9aad6c902495b146eec0cc
-
SHA1
bbbbff3c19319b4b511b44ee5a3cf77c122cc87b
-
SHA256
1de72c999674ec019d04ad28d946e0ebb3b6f6e29ccdd3284f152804e7791583
-
SHA512
1f9c4cb1e9bd0c54b4b658619a8945c8ae64d53060896c7a8f248582383affdbe68265472e40e03edbaca2f84f75b248454d1320be5dec2da6f944d8b884caac
-
SSDEEP
49152:RH73q/dlUyNJ+TBGxZykI9vA6qX9B9RElKBG1O:xjq1N44WEXP9RElKB
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 9 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8edf14743d9aad6c902495b146eec0cc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8edf14743d9aad6c902495b146eec0cc_JaffaCakes118.exe"1⤵
- Drops startup file
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92B
MD52004bcee923b0e0222f4cab87c2c2a3d
SHA10a3c122b7cfe403403d913ecc1b328480b1bfc2a
SHA256f92f08df2b65e2f5b5db141c99b098c8b077c0c853a1fd51bfcc6d40dc68ad77
SHA512cae47a4dfdb942622ebca65d57e9d80c29cb299aa8c217983e34a51655c2e96ed26c7fa2fad978b6279ed4d3c8c0571e417c60152bf66a116f67d0fe38d6a445
-
Filesize
735B
MD5dd2d1edf47007f16d8a6d903203a806a
SHA17db4e99bde86371ed3533bd235d7e29ef5d77d3e
SHA2564a36fc72f5a6aa09316a662f13570da16a1ba55fb13e91b2963a097d3cf94311
SHA5123644267e914f9bc4e286ba3e213d3e8c182d78f5d9b4de7ade60cf9a1c0cbb6cfacc6a3e254927dea19720baa0064e420a250176658d8563b50a048a511e17d0
-
Filesize
2.7MB
MD59ce205b8e6148c665de446c6e0d5a389
SHA1dd179054d1d77638e24cfeb750eea7cd3b601175
SHA256d80374562d4e6779a44ab27e8ef9337ba28ff91b179e2b4481fb790b92bee8ef
SHA5121a20090849c8cf82530d9659092310a0278c8d0f89aae69ea97310a75c8eca53ce53b67d2881a9c7ad1ac342990550da0608c4a9e2989594c007449e174f75e5
-
Filesize
1.3MB
-
Filesize
164KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB