Overview

overview

10

Static

static

3

bf89df3b77...18.exe

windows7-x64

10

bf89df3b77...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    24/08/2024, 22:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf89df3b7763f3c0baf5007b66cac3fd_JaffaCakes118.exe

  • Size

    540KB

  • MD5

    bf89df3b7763f3c0baf5007b66cac3fd

  • SHA1

    a172e392b4ba06f066a386578e4313ad0c2e0021

  • SHA256

    6360f77e91ffc89c3232fcf9edfa1807b235943107a06e386bc39b5fa42cc206

  • SHA512

    de587daceb0adb7da2bb242aa1481ad07b26bf9c3c595b2bf6a61e3590a8ad5e90b3d16ad6a8a2ce4adcdc02f5a46e61d73aa739d4c046b46796166910bcb1a3

  • SSDEEP

    6144:Yzv5oXpcFb5DRsNxIYf2GC2vaDjb2veepgFsk:mmZcZlyN/fFC2yDOve92k

Score
10/10
discoveryevasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf89df3b7763f3c0baf5007b66cac3fd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bf89df3b7763f3c0baf5007b66cac3fd_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Documents and Settings\tazebama.dl_
      "C:\Documents and Settings\tazebama.dl_"
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\tazebama.dl_
    Filesize

    157KB

    MD5

    0198bb5c017a274f86b5a94430d805ae

    SHA1

    4bcd0394cacc916e5738ac3f31c929f7bcbff786

    SHA256

    fee5ae17c110f9c683adbb62e4b83721f96502dbf2255192fa26ef1c106a974d

    SHA512

    bd79486f24ab3960c0d8c6bc570332fdcf363cfeec471aa7349d68ac8771fba2ced36774870674c267a480c59069eab76cfb48e22d1bebbd4965a2cbc5e2bd63

    Download Submit

  • C:\autorun.inf
    Filesize

    126B

    MD5

    163e20cbccefcdd42f46e43a94173c46

    SHA1

    4c7b5048e8608e2a75799e00ecf1bbb4773279ae

    SHA256

    7780bee9df142a17e0457f3dcb2788b50fc2792370089335597d33719126fb7e

    SHA512

    e5ac0ff6b087857799ab70f68067c9dc73eeb93ccfcad87047052380b95ade3e6eb2a7d01a0f850d548a39f4b1ebb60e299d603dbe25c31b9a3585b34a0c65a8

    Download Submit

  • C:\zPharaoh.exe
    Filesize

    157KB

    MD5

    fa22935c8671ac0620a88a118ad0628f

    SHA1

    9409fa63cda94161d3209a78d27d4d71bb461211

    SHA256

    376741475c3f52294c70b9df6b441cec2a04981a31c316a1eb8d4d48d7c57851

    SHA512

    c771a763a9819e33044c64ab378bc62972ed717603c42ac54f2dcc2ccdbb531c9cc46a0e89d4dd3327861eb77a8b3d84c6ab6e1c4cbb34872ce637c980f0fe80

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-2257386474-3982792636-3902186748-1000\RCXE62C.tmp
    Filesize

    69KB

    MD5

    8ba404e90194c38541e324657e72f74c

    SHA1

    ad9fda28f95b7747579a7fbb8a18e1d1e6311a49

    SHA256

    8145e4c62390f9c55343cc6dadb790dc2cb9463c4f578fa57bf43f12c4720340

    SHA512

    1f594ebb6b970c9cb86b97d642351106a52db407c6e90db7391b50e97a1136e5ba13aeec66c9b985192c377d8c5c70d3746a00f37bcc83855fea316cf8d82362

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-2257386474-3982792636-3902186748-1000\S-1-5-21-2257386474-3982792636-3902186748-1000 .exe
    Filesize

    77KB

    MD5

    f6ac55c35b0c8368ff0ba8f9485d4ac7

    SHA1

    21c2bb4b5e18bcd540339bcbc58b238ba5367ff2

    SHA256

    11cc5c6dbfd59a560699dfec15d8d192af43b564bdb4f76ba9f538044bbd1b3a

    SHA512

    5198a4bf5b50ae050887697fdb07cfd7a6eaeb8656992780f0847ffe5e916cc57e2ebb2ea66417f5fdef63772c831431239a256b9a47de1cd701f924d73f496d

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-2257386474-3982792636-3902186748-1000\S-1-5-21-2257386474-3982792636-3902186748-1000 .exe
    Filesize

    157KB

    MD5

    0a2536158c10d460231b7a579c4eaf8a

    SHA1

    8fd9e71989dab101ec9a92dea7b457cf3934e0e9

    SHA256

    607b37696ba3e28456989e56021b677605e12a6ec0f52287af052f319f51927d

    SHA512

    06ed22409fc3a4f61efd42f18849fd61ca3f09a89c9f4cf26878a0bf343b9ce70d6e5af2d94194f5940a8026a2ac79bb83a1333ed17647d990059eb944ee2a42

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-2257386474-3982792636-3902186748-1000\WinrRarSerialInstall.exe
    Filesize

    157KB

    MD5

    e1c19ab2298c78b556f85ce108730a5b

    SHA1

    ba50e25bbc6e560d1a34dce51f562a9921215c6d

    SHA256

    b8977b50aef0f819b2444a6e20cb1059505f75e2f9725f72c19c01ab95076c6a

    SHA512

    789c3a02207ed0ec549f9b8bd4d8be99687f29be4e98429dc5167376bb1a2f53470d31e250e7bd11607acb8468913bbcf879d90909e23ee1fa1cce41c802c01d

    Download Submit

  • F:\zPharaoh.exe
    Filesize

    157KB

    MD5

    ef1af1460c894f8ba9082f41f4f265aa

    SHA1

    1b623a65eb1c645057c93f180514195971a8ad6c

    SHA256

    8c06d18f8abec74f1b0cf4068047e156dea936af690c6ae20a6fcb84f149e634

    SHA512

    2118d3e2e3afb68a9c934dedc410bfb4e052ffb7323fb6b862c8ea0ae7b30e92ab6316abb1ebc35b3521ac3dd8cddea979e270735a73e1e134b2454c52c6479b

    Download Submit

  • \Users\tazebama.dll
    Filesize

    32KB

    MD5

    b6a03576e595afacb37ada2f1d5a0529

    SHA1

    d598d4d0e70dec2ffa2849edaeb4db94fedcc0b8

    SHA256

    1707eaf60aa91f3791aa5643bfa038e9d8141878d61f5d701ebac51f4ae7aaad

    SHA512

    181b7cc6479352fe2c53c3630d45a839cdeb74708be6709c2a75847a54de3ffc1fdac8450270dde7174ecb23e5cb002f8ce39032429a3112b1202f3381b8918c

    Download Submit

  • memory/2044-15-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2044-541-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2444-13-0x0000000000270000-0x0000000000288000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2444-14-0x000000004AD04000-0x000000004AD0F000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2444-12-0x0000000000270000-0x0000000000288000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2444-0-0x000000004AD00000-0x000000004AD61000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2444-538-0x000000004AD00000-0x000000004AD61000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2444-539-0x0000000000270000-0x0000000000288000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2444-540-0x0000000000270000-0x0000000000288000-memory.dmp

    Filesize

    96KB

    Download