Analysis
-
max time kernel
142s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
22-08-2024 12:51
General
-
Target
b7b46fa608a14509f40dd0e86334f92b_JaffaCakes118.exe
-
Size
373KB
-
MD5
b7b46fa608a14509f40dd0e86334f92b
-
SHA1
36a595345c5bf2edfc0f9dd00f8708617a81ce6a
-
SHA256
00511e6e026003000efcd4b2b9d43ea2721bb70d155b39845f62a2b356c8ade2
-
SHA512
c6d953a4f4a02081456812b0cf9299c65163db904d73351e9a0dea86d1e2b200480df5965256e3a1de98b6f089d63beffc5b110425e549907caf989d9c545e99
-
SSDEEP
6144:FhTpBrghMqcBaPs5Qo2hr08WATmhrOCstRr1ehiMbH8oSsjCcKeAlpiNoS:Fh9Zqa9mF1Wlhruy78oPC4AXiNoS
Malware Config
Signatures
-
Drops file in Drivers directory 1 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b7b46fa608a14509f40dd0e86334f92b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b7b46fa608a14509f40dd0e86334f92b_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\MPSVCs.exe"C:\Program Files (x86)\MPSVCs.exe"1⤵
- Deletes itself
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" %12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4104,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
373KB
MD5b7b46fa608a14509f40dd0e86334f92b
SHA136a595345c5bf2edfc0f9dd00f8708617a81ce6a
SHA25600511e6e026003000efcd4b2b9d43ea2721bb70d155b39845f62a2b356c8ade2
SHA512c6d953a4f4a02081456812b0cf9299c65163db904d73351e9a0dea86d1e2b200480df5965256e3a1de98b6f089d63beffc5b110425e549907caf989d9c545e99
-
Filesize
4KB
-
Filesize
756KB
-
Filesize
4KB
-
Filesize
756KB
-
Filesize
4KB
-
Filesize
756KB
-
Filesize
756KB
-
Filesize
756KB