Overview

overview

8

Static

static

3

bb2dde5f33...18.exe

windows7-x64

7

bb2dde5f33...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    77s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23-08-2024 09:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb2dde5f335c866847fe36cee96ad669_JaffaCakes118.exe

  • Size

    543KB

  • MD5

    bb2dde5f335c866847fe36cee96ad669

  • SHA1

    be3fcf5171f1bed16db5aea1c53b867fd67fc525

  • SHA256

    2876be42ed6b55e13a856ebf01510dd94f41f75233ef1edf2eea52a91ad26fb3

  • SHA512

    69e7af7765a03ed345bfeadc5c6bec09e52bc5e5d5f823208198cb53031fce7b7a6a0059f5f1e873526cafb92061451341ad1e8d3138afbcb3e713af86eb8602

  • SSDEEP

    12288:WZGWU2kSliUI+i6sZif2q+11aLRSHsDr:qU1OiUoU2cD

Score
7/10
discoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 2 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 29 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb2dde5f335c866847fe36cee96ad669_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bb2dde5f335c866847fe36cee96ad669_JaffaCakes118.exe"
    1⤵
    • Checks BIOS information in registry
    • Checks computer location settings
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Event Triggered Execution: Netsh Helper DLL
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2072

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

5
T1012

System Information Discovery

6
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LiveProtection\LiveProtection.lnk
    Filesize

    1KB

    MD5

    cf85bb4d6d26e45145ad4b3b3aea0d02

    SHA1

    1743bed32229978f6359751fbc081d8ca246b343

    SHA256

    57aa56e86678cb4ccf98ef774c62455e34bdc6473ea5cec0fd0a6ea8928ce7bc

    SHA512

    234e191b235f0519131868cc92afa0cb9089d7b6c9e84d47095c3570b3d336c3c46dca4f82bc0e05e455af442dc0a8bc231f437030528a5dc1c4902d004d66ed

    Download Submit
  • memory/2072-12-0x00000000020B0000-0x00000000020B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-42-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-6-0x00000000002A0000-0x00000000002A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-11-0x0000000002090000-0x0000000002091000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-5-0x0000000000390000-0x0000000000391000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-4-0x00000000003A0000-0x00000000003A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-3-0x0000000000230000-0x0000000000231000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-9-0x00000000003C0000-0x00000000003C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-8-0x00000000002D0000-0x00000000002D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-19-0x0000000002130000-0x0000000002131000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-18-0x00000000021A0000-0x00000000021A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-20-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-17-0x0000000002110000-0x0000000002111000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-16-0x0000000002080000-0x0000000002081000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-15-0x00000000020F0000-0x00000000020F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-14-0x0000000002040000-0x0000000002041000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-13-0x0000000002160000-0x0000000002161000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-0-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-7-0x00000000003B0000-0x00000000003B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-2-0x00000000003E0000-0x00000000003E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-28-0x0000000000700000-0x0000000000701000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-1-0x0000000000360000-0x000000000038C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/2072-29-0x0000000000360000-0x000000000038C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/2072-30-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-31-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-32-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-33-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-34-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-35-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-36-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-37-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-38-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-39-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-40-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-41-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2072-10-0x00000000006F0000-0x00000000006F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2072-43-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB

    Download