Analysis

  • max time kernel: 112s
  • max time network: 137s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 25-08-2024 15:39

General

  • Target: c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe
  • Size: 663KB
  • MD5: c10d3d991e91bb50aeb21db0347eb564
  • SHA1: b1f8081dfa65fa77c4d340843a9430450e9fc9c0
  • SHA256: b981e2304ff1d17a04d9b5d40ece13edede58ddfb7710e2d61d5d11c950c14cc
  • SHA512: 96aa49501bdeff9afdd4ee48a6c0055de9d5b93073072bd61608422cc6c26da2b946c3cc9d887026bdeda64f19ba07160de76d12fafe88668fa73fb751362d9c
  • SSDEEP: 12288:AKrqmD1lTn78Isk3bYlDEBMYilJjfrpbYPt0P4dkYaVh+yVqGFPH:RjpljVsk3bmDEBMBM2Y/yPPH

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4120
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\DelSelf.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1728
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 5 127.0.0.1
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:4536

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\DelSelf.bat
    Filesize: 249B
    MD5: 039ba87c533b69967cf9ffec1610d095
    SHA1: f11cd8ad23b70f491cc6724acf70cb04fd3c75d4
    SHA256: 15f7a276154c02c637c23d38c76760b5b79556cc10fd2cd71bebd8074aeba401
    SHA512: 981494ee2adb80b1ca4c84b15cc8fb3891df283ff48b27d67fb4007a54acd06f59f8d85856d94a1ab9e00ac0b8bd326938199d06016fc61442b66b84f961166c

  • C:\Windows\SysWOW64\1u778gw8.dll
    Filesize: 1KB
    MD5: 8c4214f3fddae5cb00a10ec78ca40574
    SHA1: 50a32f02fdc371f76bd0877065e0456adf10f954
    SHA256: 6b6e52fab74b6a7174cb6f71f91cac8a794d5bd3cfd61782140d155a3f8bfa95
    SHA512: 00480fe8a6b7713501e4bfa5c819a98c7296340ed091bf95edb92a64fb500b8ea791e52ed3227470ac5a4638d6886703bf9384efb767e96c7d6fd9d738d3ad82

  • C:\Windows\SysWOW64\1u778gw8.dll
    Filesize: 2KB
    MD5: d25c977e77c094f2cdce2cf8e0df2416
    SHA1: e939334d622ffbca21e400798fe84b98bd095d69
    SHA256: 7e94d19a5241979877d810b714dfd5fbc82600e8be03483a2368d58d79480196
    SHA512: f6982a8a7fec0c5e97bae855b111f8f77ef3ed5128621960a8e4a0254de5cae3a89f3c7b9a6c0b603eb0a631b90fe8d91449b2dcc7445888852d2b697638efe5

  • memory/4120-79-0x0000000002390000-0x0000000002391000-memory.dmp
    Filesize: 4KB

  • memory/4120-83-0x0000000000400000-0x00000000005F1000-memory.dmp
    Filesize: 1.9MB