Analysis
max time kernel: 112s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-08-2024 15:39
Behavioral task: behavioral1
Sample: c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe
Size: 663KB
MD5: c10d3d991e91bb50aeb21db0347eb564
SHA1: b1f8081dfa65fa77c4d340843a9430450e9fc9c0
SHA256: b981e2304ff1d17a04d9b5d40ece13edede58ddfb7710e2d61d5d11c950c14cc
SHA512: 96aa49501bdeff9afdd4ee48a6c0055de9d5b93073072bd61608422cc6c26da2b946c3cc9d887026bdeda64f19ba07160de76d12fafe88668fa73fb751362d9c
SSDEEP: 12288:AKrqmD1lTn78Isk3bYlDEBMYilJjfrpbYPt0P4dkYaVh+yVqGFPH:RjpljVsk3bmDEBMBM2Y/yPPH
Malware Config
Signatures
-
- Drops file in System32 directory (3 IoCs)
  description | ioc | Process
  File created | C:\Windows\SysWOW64\1u778gw8.dll | c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe
  File opened for modification | C:\Windows\SysWOW64\1u778gw8.dll | c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe
  File created | C:\windows\SysWOW64\wbem\AYMTVVOTMUADFOI.INI | c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe
- Drops file in Windows directory (1 IoC)
  description | ioc | Process
  File created | C:\Windows\DelSelf.bat | c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe
- System Location Discovery: System Language Discovery (1 TTP, 3 IoCs)
  Adversaries may attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | PING.EXE
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe
- System Network Configuration Discovery: Internet Connection Discovery (1 TTP, 1 IoC)
  Adversaries may check for Internet connectivity on compromised systems.
  pid | Process
  4536 | PING.EXE
- Runs ping.exe (1 TTP, 1 IoC)
  pid | Process
  4536 | PING.EXE
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 4120 wrote to memory of 1728 | 4120 | c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe | 84
  PID 4120 wrote to memory of 1728 | 4120 | c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe | 84
  PID 4120 wrote to memory of 1728 | 4120 | c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe | 84
  PID 1728 wrote to memory of 4536 | 1728 | cmd.exe | 86
  PID 1728 wrote to memory of 4536 | 1728 | cmd.exe | 86
  PID 1728 wrote to memory of 4536 | 1728 | cmd.exe | 86
Processes
1. C:\Users\Admin\AppData\Local\Temp\c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe (PID 4120)
   Command line: "C:\Users\Admin\AppData\Local\Temp\c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe"
   - Drops file in System32 directory
   - Drops file in Windows directory
   - System Location Discovery: System Language Discovery
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe (PID 1728)
      Command line: C:\Windows\system32\cmd.exe /c C:\Windows\DelSelf.bat
      - System Location Discovery: System Language Discovery
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\PING.EXE (PID 4536)
         Command line: ping -n 5 127.0.0.1
         - System Location Discovery: System Language Discovery
         - System Network Configuration Discovery: Internet Connection Discovery
         - Runs ping.exe
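The process tree above is the classic dropper self-deletion chain: the sample writes C:\Windows\DelSelf.bat, launches it through cmd.exe /c, and the batch file uses ping -n 5 127.0.0.1 as a sleep so the original executable is no longer locked when the batch deletes it. The following is an added detection example, not part of the sandbox report or its tooling. It consumes constructed Sysmon Event ID 1 style records (the pid, ppid, image and cmdline field names are this example's own assumption, not a real log schema), rebuilds the process tree, and flags a non-shell parent that spawns cmd.exe running a .bat/.cmd file whose child is a loopback ping. The events are built from the PIDs and command lines shown in the tree, plus one constructed benign record to show the rule does not fire on an interactive shell pinging a real host.

```python
"""Flag the <dropper> -> cmd.exe /c <file>.bat -> ping -n N 127.0.0.1 self-delete chain.

Added example built on the process tree in the report above. Field names
(pid, ppid, image, cmdline) are an assumption of this example, not a real
Sysmon or 4688 schema; map your own fields onto them before use.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str
    children: list = field(default_factory=list)


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\c10d3d991e91bb50aeb21db0347eb564_JaffaCakes118.exe"

# Constructed process-creation events: the three processes from the report,
# plus a benign interactive cmd.exe pinging a real host (ppid 1 stands in for
# a parent that is not in the capture).
EVENTS = [
    {"pid": 4120, "ppid": 1, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"pid": 1728, "ppid": 4120, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c C:\Windows\DelSelf.bat"},
    {"pid": 4536, "ppid": 1728, "image": r"C:\Windows\SysWOW64\PING.EXE",
     "cmdline": r"ping -n 5 127.0.0.1"},
    {"pid": 5000, "ppid": 1, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\System32\cmd.exe"'},
    {"pid": 5001, "ppid": 5000, "image": r"C:\Windows\System32\PING.EXE",
     "cmdline": r"ping -n 4 10.0.0.1"},
]

# cmd.exe /c <path>.bat or <path>.cmd, with or without surrounding quotes.
BATCH_RE = re.compile(r'/c\s+"?([^\s"]+\.(?:bat|cmd))"?', re.I)
# ping [-n N] against loopback only; a ping to a real host is connectivity
# discovery, not a sleep, and is excluded on purpose.
LOOPBACK_PING_RE = re.compile(
    r"^ping(?:\.exe)?\s+(?:-n\s+(\d+)\s+)?(?:127\.\d+\.\d+\.\d+|localhost|::1)\b", re.I
)
# Parents that routinely launch cmd.exe with a batch file and should not alert.
SHELL_PARENTS = {"cmd.exe", "explorer.exe", "powershell.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def build_tree(events) -> dict:
    """Index events by pid and attach each child to its parent when present."""
    procs = {e["pid"]: Proc(**e) for e in events}
    for p in procs.values():
        parent = procs.get(p.ppid)
        if parent is not None:
            parent.children.append(p)
    return procs


def find_self_delete_chains(procs: dict) -> list:
    """Return one record per dropper -> cmd.exe /c *.bat -> loopback ping chain."""
    hits = []
    for cmd in procs.values():
        if basename(cmd.image) != "cmd.exe":
            continue
        batch = BATCH_RE.search(cmd.cmdline)
        parent = procs.get(cmd.ppid)
        # Need a batch file and a non-shell parent (the thing being deleted).
        if batch is None or parent is None or basename(parent.image) in SHELL_PARENTS:
            continue
        for child in cmd.children:
            if basename(child.image) != "ping.exe":
                continue
            ping = LOOPBACK_PING_RE.match(child.cmdline)
            if ping is None:
                continue
            hits.append({
                "dropper_pid": parent.pid,
                "dropper": parent.image,
                "cmd_pid": cmd.pid,
                "batch": batch.group(1),
                "ping_pid": child.pid,
                # Windows ping sends 4 echoes when -n is omitted.
                "delay_echoes": int(ping.group(1) or 4),
            })
    return hits


if __name__ == "__main__":
    for hit in find_self_delete_chains(build_tree(EVENTS)):
        print(f"self-delete chain: {hit['dropper']} (pid {hit['dropper_pid']}) "
              f"-> cmd.exe /c {hit['batch']} (pid {hit['cmd_pid']}) "
              f"-> loopback ping x{hit['delay_echoes']} (pid {hit['ping_pid']})")
```

The rule keys on the structure of the chain rather than on the batch file name, so a dropper that renames DelSelf.bat still triggers; the loopback restriction is what keeps ordinary `ping -n` connectivity checks from a shell out of the results. For response, the batch file in this report is written to C:\Windows and is itself one of the dropped files listed under Downloads, so it is worth recovering before it deletes itself.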
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 249B
  MD5: 039ba87c533b69967cf9ffec1610d095
  SHA1: f11cd8ad23b70f491cc6724acf70cb04fd3c75d4
  SHA256: 15f7a276154c02c637c23d38c76760b5b79556cc10fd2cd71bebd8074aeba401
  SHA512: 981494ee2adb80b1ca4c84b15cc8fb3891df283ff48b27d67fb4007a54acd06f59f8d85856d94a1ab9e00ac0b8bd326938199d06016fc61442b66b84f961166c
- Filesize: 1KB
  MD5: 8c4214f3fddae5cb00a10ec78ca40574
  SHA1: 50a32f02fdc371f76bd0877065e0456adf10f954
  SHA256: 6b6e52fab74b6a7174cb6f71f91cac8a794d5bd3cfd61782140d155a3f8bfa95
  SHA512: 00480fe8a6b7713501e4bfa5c819a98c7296340ed091bf95edb92a64fb500b8ea791e52ed3227470ac5a4638d6886703bf9384efb767e96c7d6fd9d738d3ad82
- Filesize: 2KB
  MD5: d25c977e77c094f2cdce2cf8e0df2416
  SHA1: e939334d622ffbca21e400798fe84b98bd095d69
  SHA256: 7e94d19a5241979877d810b714dfd5fbc82600e8be03483a2368d58d79480196
  SHA512: f6982a8a7fec0c5e97bae855b111f8f77ef3ed5128621960a8e4a0254de5cae3a89f3c7b9a6c0b603eb0a631b90fe8d91449b2dcc7445888852d2b697638efe5