Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-08-2024 18:22

General

  • Target

    a7b98846b36bcb5c93ff603820a16a78_JaffaCakes118.exe

  • Size

    350KB

  • MD5

    a7b98846b36bcb5c93ff603820a16a78

  • SHA1

    42eafda73dff59b05a07338c869e0a102e1f3463

  • SHA256

    4eb8bed8591422f6065c3198d6c3464b14e438f6566003997d98b81d776f02b9

  • SHA512

    d7061fb3f7976a4bf383023821419226e0ffac92a79b3e7ff2cd6e53f9a9cdc54b45a7f1def05750b3f9cedaebabbf660149e27384d75a09da0a6eaa173ae476

  • SSDEEP

    6144:pPCganN5KPWsaDmht+8CP6swJZ8LNJ+8tMJqgZnN9iHFUNHk4d9bYrz8RbKVox+n:nanLKesgmhkLxwJZ8LNPmZN9EZ43HaoO

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7b98846b36bcb5c93ff603820a16a78_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a7b98846b36bcb5c93ff603820a16a78_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe Stickinthemud,Piggins
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:3396
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe"
        3⤵
        PID:3348
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 144
          4⤵
          • Program crash
          PID:2308
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3348 -ip 3348
    1⤵
    PID:4976

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Selfimage

    Filesize

    248KB

    MD5

    923982d24d8d73ebd4d5b3c4d76ea3d8

    SHA1

    d97d2c044de136009504276c0123f26ced1de688

    SHA256

    ea55fca2b4b99317f9c2be760b4df30c13ada4aa513e479c00cce007b20ea0f3

    SHA512

    118c1291b02f51b784ff278c552511c07a44fb31fbe965f3be63f713a7c0ed6da11cbe9a8d866b008a4e32588e3b2f3546ca99f8d5f39dcc968f881d24b1c42b

  • C:\Users\Admin\AppData\Local\Temp\Stickinthemud.DLL

    Filesize

    44KB

    MD5

    441254ab998d6ec5636622dd2b7ea539

    SHA1

    6e6546776316ebf8e9039107ca1bc9b32705625a

    SHA256

    26963ffdddd241f6d0f5d54824335afcc55705876708c238628e1fefe559f045

    SHA512

    02c03ec58d5baa8b7b6804b161678582e317a52a4dfec07970dc44003a93e3e3d6f1cb17714bf406096c8b0d28ed7b0828ea5f7926f88722532114df4213d6f0

  • memory/3396-16-0x0000000002AF0000-0x0000000002AF3000-memory.dmp

    Filesize

    12KB

  • memory/3396-17-0x0000000073FF0000-0x00000000740B8000-memory.dmp

    Filesize

    800KB

  • memory/3396-18-0x0000000075DB0000-0x0000000075E13000-memory.dmp

    Filesize

    396KB

  • memory/3396-19-0x0000000073FF0000-0x00000000740B8000-memory.dmp

    Filesize

    800KB