Analysis
-
max time kernel
142s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
21-09-2024 04:50
General
-
Target
ef18a9a4061501cf648fa02698df1d47_JaffaCakes118.exe
-
Size
84KB
-
MD5
ef18a9a4061501cf648fa02698df1d47
-
SHA1
6fc7034a4673cbe4f8462ac2ba81bedb2bc6f19b
-
SHA256
1ad04444db1add15f5332e9f63e9b52f54709a2cfe51b691df89dc6687ff054e
-
SHA512
e7b095db1eab8ccec17beafe3e8b0f7072a7dbc81762a54a3cf18121eafeacd194558c554fcc36e3a2fa5c1ef4393bf565674c3b684293f1e41647c2e4c851de
-
SSDEEP
1536:tC2VAQKy9C7qC7r/DSv7jPyzkWODMdnx3MsJZjoQ10JwU6g/212d2yCSf+CR:kECmC7rGvnPyzk/s5MsJZCqw2YiSWQ
Malware Config
Signatures
-
Modifies firewall policy service 3 TTPs 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 1 IoCs
-
Drops file in Windows directory 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies data under HKEY_USERS 28 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ef18a9a4061501cf648fa02698df1d47_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ef18a9a4061501cf648fa02698df1d47_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\system\150105.exe"C:\Windows\system\150105.exe" /start2⤵
- Executes dropped EXE
-
-
C:\Windows\system\150105.exeC:\Windows\system\150105.exe1⤵
- Modifies firewall policy service
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6B
MD5ca504eec9c363347d772f7890b4b2a56
SHA116abf96a531f661f0c815fe4ecd981aa8142683b
SHA25697a7783741de12242b6d1f220ce0831ce1137b3ff5d620737ddc4859d7ac699c
SHA5128f14600642aed0a3ecd362e4a1f876c93ee53764964c2a6761e86b0010c489badfbfb91daa6425998299f9fed30bd684dc14f09f2499885abb5c345fa4215a0f
-
Filesize
10B
MD5f158a44688c6d5a5a1d57630166b73d8
SHA108971607e2f2e0e32769fc179b61407ecd04e190
SHA25695d5ad8a138aa3e7af6fe45415b7dcd01db97140e3292a36e3adbf478ddd06d3
SHA512f19f40f9cc917d842447948b7aeffbc1ee0501df50e870aeb2ef91e2edc9ff9fac79e60740163f0d1d075b46bf2984bcc99eb37ab5fff678b19d70158e1937e9
-
Filesize
5B
MD50b70b95deb2dfeeb11aa462c44169894
SHA1c910b57b3b3b2a613e623c0101fbd8d6601ed957
SHA2569acec3bdc2a2cda7b170a12131b4965cf2bbce227620db3c3ce6a29dc3f76c2a
SHA5122fefc2a5e04081a7e8725c023cc2ed6f1065ed89d8126ec3ab4cbb3e5599249f0f2fb1c20caaa9ba07b6a0a8607d73d9849848976a39f518859f5f6943d9fb70
-
Filesize
84KB
MD5ef18a9a4061501cf648fa02698df1d47
SHA16fc7034a4673cbe4f8462ac2ba81bedb2bc6f19b
SHA2561ad04444db1add15f5332e9f63e9b52f54709a2cfe51b691df89dc6687ff054e
SHA512e7b095db1eab8ccec17beafe3e8b0f7072a7dbc81762a54a3cf18121eafeacd194558c554fcc36e3a2fa5c1ef4393bf565674c3b684293f1e41647c2e4c851de
-
Filesize
508KB
-
Filesize
508KB
-
Filesize
508KB
-
Filesize
508KB
-
Filesize
508KB
-
Filesize
508KB
-
Filesize
508KB
-
Filesize
508KB
-
Filesize
508KB
-
Filesize
508KB
-
Filesize
508KB
-
Filesize
8KB