Analysis

  • max time kernel
    60s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-09-2024 00:36

General

  • Target

    db8147c277df25be04918bb25776d9b3_JaffaCakes118.msi

  • Size

    384KB

  • MD5

    db8147c277df25be04918bb25776d9b3

  • SHA1

    5786894210952d0e3f46bada4d068fede586ab7a

  • SHA256

    92dc93d00d23934b3ca24ed19ba79d4be9eb2012658b41ed32570a2bb1d86ad8

  • SHA512

    dfbf4d62fd6595132839de9beefc3bbe737fa789d4d4593b528ae3ecb48b0c06d74a86a96a86887e4b734370ba3b2c0822a0cbce79a69d6c369beb517cf3c2cd

  • SSDEEP

    6144:BbZjgS007NNMX/+DoklCAFNWClCA+jp02GmaZ/ZJSEPavLFjt+WN:BbZNNNzbCClCA+jp02GmWhJnav5jUk

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 12 IoCs
  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 46 IoCs
  • Modifies registry class 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\db8147c277df25be04918bb25776d9b3_JaffaCakes118.msi
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2220
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2884
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    • Suspicious use of AdjustPrivilegeToken
    PID:2812
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "000000000000005C" "0000000000000560"
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2240

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Config.Msi\f77be42.rbs

    Filesize

    7KB

    MD5

    f17fa2445ebe19ffdd0198568b77fa9f

    SHA1

    c40bee4e04c2bd28bb0ba618ae0074b4678810fb

    SHA256

    5cd13e893448306bf8f2196a47269500b29a01712081709eb160164737e091fe

    SHA512

    27508f947e0db00b2ccce8fc61b24060fcdd3258cf4513904e8380211f2e441a41d97a74247e265da74ac5de2b5814d1dda57551a8df79b45b5876ff98c88055

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37C951188967C8EB88D99893D9D191FE

    Filesize

    1KB

    MD5

    e7122c733f9e37bba0ca4c985ce11d6d

    SHA1

    d661aa5b31ff7ef2df9bc4095279058c36499af2

    SHA256

    acc9932453f5aa68f4b95986668f5584f99e55bbe02eefc0d0960dab376df81a

    SHA512

    84cddf68a46f455b4ebbb8c0c70607fe60796cfc5eabdace12d0684a1323af9681700acbdbdc37e63d7806d0220fce9cba5213bb35cee056f9d71646f98711b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C0018BB1B5834735BFA60CD063B31956

    Filesize

    1KB

    MD5

    732cfeb76b91c4d13978a00b8c666ed7

    SHA1

    0c57f76436701f4d51397d1d4e86337dd9ab1964

    SHA256

    9fab9fc0a1da813e6ddb93904c1fcfa6546cfbe70747ff8468ddd14d2552dbd2

    SHA512

    2b8618e823355a4fa646d51a753f67d34bd7b14367d46fa187f2294af7c2794c6cdee664ea570862757a5f1c99dfcb67a7d4ddf8389d07dd8d696fe55aa538bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\37C951188967C8EB88D99893D9D191FE

    Filesize

    264B

    MD5

    88cc5fe4e1bf7b71c0a133d529db140e

    SHA1

    5f9d3442b41c905b7949fb58ccbd2bba10924e62

    SHA256

    5b02964a38fdf762d1a4fb2b0fe2e190e4541047b84ad7c7a8fb033f54d53e48

    SHA512

    bc09efa52cdbf2a93010b0598082a95aa1f3b4fbbf475820ef07d9095447f9fe016f5727412ee93476945dee9e0b9b25122656f8a31b6629bb4238454750df3a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    17cd1aab82e35f29044d64c6de4cb2fb

    SHA1

    d4a2684a2f44d5fb09b5cf762f607d53d52d2f01

    SHA256

    b9b934508df3f88bc5c32b22dfe94db6d051bef7d7e61622b2dff5927c0ce5a6

    SHA512

    b8353203f96595841100a4a05aa16a0d46b9c1412723bf6111f1f830fa6eda7e634c84b97babc1984814b724b6565b41a1081f6041b96c6ac3930a4903a63a39

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C0018BB1B5834735BFA60CD063B31956

    Filesize

    252B

    MD5

    52e600ba82dade30f6261ea75774da4c

    SHA1

    fa75904257fbed6259bf1f0ab6ad24de9125d2ec

    SHA256

    05cb747cd751c5525105d9b0cc06d444820a75f47556391c82272a87896069a9

    SHA512

    f8f477be735a1ccabc22191d010434be83edc14e2ba5c9cad3be1c87b424bde9bf24b47c64388c716cb0800493538e88d35dcb594350bf6cb3f9c7249219c705

  • C:\Users\Admin\AppData\Local\Temp\CabBE6F.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b