Analysis

  • max time kernel
    150s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/09/2024, 18:36 UTC

General

  • Target

    dcd21d3523bcd683f8a2929f33344978_JaffaCakes118.exe

  • Size

    69KB

  • MD5

    dcd21d3523bcd683f8a2929f33344978

  • SHA1

    d97bfb456b981f699789f6b699befd4774b43584

  • SHA256

    f6973271ac1f735395315fb47870eec7b7a2a9718e014376d4650b2e2a95ecaf

  • SHA512

    7a86d4fe3faa204e8e2cebbff27cc6241462c4be35e291982d00d969c2cbf6d619b52eb6d7ff323d1dc8b07d14a411f9ec03ac12ee0cece42a94177129426964

  • SSDEEP

    1536:iYfWamqp9NvihgqlsblcINUkxoNuudXpiHTjl5:i7e9NvQVlsb9UkeNuDzjn

Malware Config

Signatures

  • Server Software Component: Terminal Services DLL 1 TTPs 3 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcd21d3523bcd683f8a2929f33344978_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd21d3523bcd683f8a2929f33344978_JaffaCakes118.exe"
    1⤵
    • Server Software Component: Terminal Services DLL
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    PID:2000
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -K tboicc
    1⤵
    • Deletes itself
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2220

Network

  • flag-us
    DNS williamma931.gicp.net (svchost.exe)
    Remote address: 8.8.8.8:53
    Request: williamma931.gicp.net IN A
    Response: No results found
  • 8.8.8.8:53
    williamma931.gicp.net dns svchost.exe
    67 B 67 B 1 1
    DNS Request: williamma931.gicp.net

MITRE ATT&CK Enterprise v15

Downloads

  • \Windows\SysWOW64\blsjks.dll

    Filesize

    94KB

    MD5

    a4b2df12e94e6ba5af342a732a649d4b

    SHA1

    02e49faa56c1e86a7bace2afbe2446e056846200

    SHA256

    53c62440703614a6bd0f0ac9b763ce1e0b584b3322f09b7ad7513546128a35c0

    SHA512

    456c2015564fe430b147b847227dd98a0aff3fa7ec9832955b2ec4cf328c1a17130f4945b3662e2c9fdf53d45c4fbd3b7a4f90edbc65985ccc65dddbe7d363ca

  • memory/2000-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2000-5-0x0000000010000000-0x000000001001B000-memory.dmp

    Filesize

    108KB

  • memory/2000-9-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2220-8-0x0000000010000000-0x000000001001B000-memory.dmp

    Filesize

    108KB

  • memory/2220-10-0x0000000010000000-0x000000001001B000-memory.dmp

    Filesize

    108KB