Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
30-09-2024 09:35
General
-
Target
00a47f3b4f5b329b0a720a0a1ab68eed_JaffaCakes118.jad
-
Size
68KB
-
MD5
00a47f3b4f5b329b0a720a0a1ab68eed
-
SHA1
afd73e6936042a9b3312eeabdeeb80b86c693f20
-
SHA256
96c10c70a4ef1f03a2a1e23895b2bda0337c9178132d537fe8f946ec4d9bc06f
-
SHA512
efd6422a4e9637f77c1abe548d3461bcf2786ed9828d05c74e1ec52e644535dd56af00d844c57495d7b59f5e7a7177d6bb2db264755ce5dbcbec1558ce9c1e66
-
SSDEEP
1536:EjUcFC+MEciwy7GtW2insgvrGoZNGtW2insgvrGoZZ:EjUcto67ZsArG8ZsArGy
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\00a47f3b4f5b329b0a720a0a1ab68eed_JaffaCakes118.jad1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\00a47f3b4f5b329b0a720a0a1ab68eed_JaffaCakes118.jad2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\00a47f3b4f5b329b0a720a0a1ab68eed_JaffaCakes118.jad"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD514b9e44ba8152c47acc54296fc2bed6b
SHA1d59383470f2089fd0a75745c3e40b6f4bff7ffed
SHA256ab0b9e639f6f16410709036aeac1ab87bb96f4a44b331e393ebc120667f60550
SHA512dac166534889323c278c50e50637d7ceec485624dfe18eaf14257d081d4bf68e0c4c16080c8f04cee918d4f5ddf5a77e3c1d7d2c1f8e85e59d226b39edb51cc0