Overview

overview

8

Static

static

3

fd0bba3758...18.exe

windows7-x64

8

fd0bba3758...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    96s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/09/2024, 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd0bba3758d1222617a1ac9107ab96ee_JaffaCakes118.exe

  • Size

    672KB

  • MD5

    fd0bba3758d1222617a1ac9107ab96ee

  • SHA1

    7663e0a51ecd65b7d5285f889f653d7d1b6a683c

  • SHA256

    a274682f37bd79983e7020ee2da677f74520c31f81dd390790e68c440427cff9

  • SHA512

    ebc4738c962c7765345f827dd8275117a4e8350e769d3969b2b3dc7e052e170cc4a3dc1e6fce133019b57506c88eb546cc8468eb379f40b80a844868b3eb6f1a

  • SSDEEP

    3072:5A3kRAyKVHAz6o130Sbr7qH7e+TRDDW5n4iAGZupbLbkJOSxhb1cGmx2m:ukRAl4JrGXD+nbAGZul9ehx1

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 2 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 7 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 11 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd0bba3758d1222617a1ac9107ab96ee_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fd0bba3758d1222617a1ac9107ab96ee_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer start page
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Windows\SysWOW64\Regedit.exe
      Regedit.exe /s C:\jnnj.reg
      2⤵
      • Sets service image path in registry
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Runs .reg file with regedit
      PID:3000
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ping 127.0.0.1 -n 1 && del "C:\Users\Admin\AppData\Local\Temp\fd0bba3758d1222617a1ac9107ab96ee_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:3636
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1 -n 1
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2524

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\jnnj.reg
    Filesize

    9KB

    MD5

    1728f9a2f4cb2635a964b71c7a2d2f49

    SHA1

    3f2f122cde78753144bd0207523a9e8b44388182

    SHA256

    5f30bb41ec79bd9c58133e1c57fc25d63d9d16aabe40b8e90748450f4b3f3a45

    SHA512

    a153cf2506ae2b9ccabaebcd51a800d132b6a0fc4192c1ddb65279a6a864131477646a2ac2e9b96142206c4ead6aa3dbb748f06e004da42c6841bc91fb60a0f9

    Download Submit

  • memory/1028-0-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/1028-1-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1028-2-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/1028-11-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/1028-12-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1028-13-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

    Download