Analysis
-
max time kernel
93s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05-10-2024 03:05
General
-
Target
15ea52d18b4a791c0f1a388f2d8cc1b0_JaffaCakes118.exe
-
Size
220KB
-
MD5
15ea52d18b4a791c0f1a388f2d8cc1b0
-
SHA1
cd4e33cc62a3d5f8d5b7e1503e925a552e724971
-
SHA256
03d16e728c66871a686932d999d1302dfd8a8a6f7b47e9d02e90f082681658f7
-
SHA512
b004b4348d5e7576cc454f4d436950fef840650b5dd608b853d74881bfeb2ed7110d3ee305ffff9a3f128df6e64a5c27b463a0f622d60671bc7bdb27dc46c487
-
SSDEEP
6144:VNSDy8RO1thpO+i8C8o8YHKxJpAN7ASlnWUb:/SDyV1tjs97HKrpMASlnWUb
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file 1 TTPs 3 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in Program Files directory 1 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\15ea52d18b4a791c0f1a388f2d8cc1b0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\15ea52d18b4a791c0f1a388f2d8cc1b0_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Documents and Settings\tazebama.dl_"C:\Documents and Settings\tazebama.dl_"2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 7323⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2988 -ip 29881⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
151KB
MD5186a2ead0f996bc191c89447c0182ec9
SHA121d625dcd0de3ff203efd6bceb8628e2afd47077
SHA256e0b6986f2a7c78769d4c8e25996d4d0c4d5eacebae976fe606eff5990166db6c
SHA51279a223c2a080d610888a96c11e703af1b0382849c2a2f6758797d9df012a5c28c0d30408c02bc7206536d8130827ba878232a09d06e4c2a1639761bd7dc48d08
-
Filesize
32KB
MD5b6a03576e595afacb37ada2f1d5a0529
SHA1d598d4d0e70dec2ffa2849edaeb4db94fedcc0b8
SHA2561707eaf60aa91f3791aa5643bfa038e9d8141878d61f5d701ebac51f4ae7aaad
SHA512181b7cc6479352fe2c53c3630d45a839cdeb74708be6709c2a75847a54de3ffc1fdac8450270dde7174ecb23e5cb002f8ce39032429a3112b1202f3381b8918c
-
Filesize
126B
MD5163e20cbccefcdd42f46e43a94173c46
SHA14c7b5048e8608e2a75799e00ecf1bbb4773279ae
SHA2567780bee9df142a17e0457f3dcb2788b50fc2792370089335597d33719126fb7e
SHA512e5ac0ff6b087857799ab70f68067c9dc73eeb93ccfcad87047052380b95ade3e6eb2a7d01a0f850d548a39f4b1ebb60e299d603dbe25c31b9a3585b34a0c65a8
-
Filesize
151KB
MD5265b01289bd10199912ca0d597396b79
SHA12bee345f93e0a3f4ff7e2737163b2b894e674abc
SHA256e6da90a8cc8a2c8611d2df9bc2014b11ca5a120fb2c480bc77865432800b7723
SHA5123147b605e41856f885a69e611355f719159a202e925dcc92d1c8863423aa051ef4cc5b2973bd2810ce6bbcac410b3180ff8f55f3f10f9a41cc418277046043fb
-
Filesize
151KB
MD567510681af9a73349c9a1f6ee473bc7e
SHA160fa0d5ab07cc1e815cb619b77508e951739ffc9
SHA256786245bd1cee64d890d3bd2a96d51f15a70c9166420feef87449e6ff421248c3
SHA512025a3fb7ed3dd47c467e9d50aec76b845f4d52934d95468b5ef9eed03640eee3d2aa680eaef227f798d07e6fa6af09322725800a7553602678e1de41099c1428
-
Filesize
48KB
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
48KB
-
Filesize
80KB
-
Filesize
88KB
-
Filesize
88KB