Overview

overview

6

Static

static

3

b06cbf34b9...18.exe

windows7-x64

6

b06cbf34b9...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2024, 18:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b06cbf34b9415f928d67807322f1288b_JaffaCakes118.exe

  • Size

    110KB

  • MD5

    b06cbf34b9415f928d67807322f1288b

  • SHA1

    056617f4e0285dba626b777a4c07b68765ee2802

  • SHA256

    a23b259806c1a9ef0d246e3493411bc0f345e392832a731136baa67b7123218e

  • SHA512

    9acadb3d66a9ae7d456631e16755d9d4c7cb9a9660081c77543cbc1a8a9696df942c4fb8e46f507b8fb205ce4c276fdfa12d2f5c9757fdf2f5cb7bbbc54d3017

  • SSDEEP

    1536:+1koYuv0Sta8Xv2LraZYHDzc1AgZ65zIPKJ8x/iC5ul4:zu15XvcuiHgc52qC5uW

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 4 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b06cbf34b9415f928d67807322f1288b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b06cbf34b9415f928d67807322f1288b_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops autorun.inf file
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2144

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\autorun.inf
          Filesize

          34B

          MD5

          b5e1f55f1cd449fe8e75be725366a213

          SHA1

          f4bcb82f8eb7053ce989060dbb3db98aa1e9219c

          SHA256

          81d81351e54dfe3ea1da905981c403683ba0d9412216066bfefb20e0bf97bdcd

          SHA512

          88201b0421bcf9816d8462b7ffab4f50e4e8f8db4533f02f9b4e9939da8127259e5119a346e347dff77275e21254c6a518223107a43e6382d7e89a61f78801ad

          Download Submit

        • memory/2144-0-0x0000000000400000-0x0000000000428200-memory.dmp

          Filesize

          160KB

          Download

        • memory/2144-473-0x0000000000400000-0x0000000000428200-memory.dmp

          Filesize

          160KB

          Download