Analysis
-
max time kernel
147s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
05-10-2024 06:43
General
-
Target
16943270f05c11e266860bcd56bb20bb_JaffaCakes118.exe
-
Size
1013KB
-
MD5
16943270f05c11e266860bcd56bb20bb
-
SHA1
2a0cfe0c8c06938c00043858fa2aa81b6ddf3c98
-
SHA256
b8f64cabf9cd76735d77fd405a1635a0591eb7cbbd18830c47625b5c8936d20e
-
SHA512
2de21d417748ecc86ee8690ef0a6d63295961d013dc3e5f73b601a4041d730f1ad2d410d1f4b67322ac98ced3d77eb971793fdc3ffe99f386bd7f75e52d89def
-
SSDEEP
24576:ix+OSa0eVkMakTXBghG0dyMJqLDMMMMMMy6LD/dtfhS:ihp0eVbjqh9dYMMMMMMy6LD/drS
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 3 IoCs
-
Modifies system executable filetype association 2 TTPs 4 IoCs
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file 1 TTPs 3 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\16943270f05c11e266860bcd56bb20bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\16943270f05c11e266860bcd56bb20bb_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Modifies system executable filetype association
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
-
C:\Documents and Settings\tazebama.dl_"C:\Documents and Settings\tazebama.dl_"2⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
126B
MD5163e20cbccefcdd42f46e43a94173c46
SHA14c7b5048e8608e2a75799e00ecf1bbb4773279ae
SHA2567780bee9df142a17e0457f3dcb2788b50fc2792370089335597d33719126fb7e
SHA512e5ac0ff6b087857799ab70f68067c9dc73eeb93ccfcad87047052380b95ade3e6eb2a7d01a0f850d548a39f4b1ebb60e299d603dbe25c31b9a3585b34a0c65a8
-
Filesize
151KB
MD594c0eec8497f7f326eb35d7bd66c2c59
SHA189f5f2d228a95e77dc4f40d290e4b7696d0ff3db
SHA256385c5cb7e5b188c6b41f183aa2ac7cfe3c3bea7a4b6d71acd1145b7bfb2a1de1
SHA5120c4fb2b0ac26b299e01729c94bed6d9271fb8837db1540a567d2c2473285f6c41420fa4791c3b155a7cbc856155058832a2fc35d968c423cb08ec449bf8ee801
-
Filesize
69KB
MD5bf2277f6e811a8e7c4c9eb72b803e433
SHA1e52c984d30aa770817bcab76d54c762abe9eec2a
SHA256b20c1d76f46d86fabcd756f4db7ee2bde81be9355a1ff891172566c5457691db
SHA512c2848a7555496b400e019dd8dc41baf38c6f07fca1ed6d2536efa30dd3c2b00d7c3ee6320bc75c63f3efcceadbd5649abeffb82e55191c98f7f1b95e76cf6edc
-
Filesize
151KB
MD5a2630f5e1a54cde9e47daa99a18a335b
SHA17c0133edee5401140ffde617bfb589753c39afd1
SHA256053c26f41cc3025a27d0a2d04f2c3155954131c27be723def2f873a8afc308cc
SHA512f5d52deff92906058c4b707b8ecdcbba39b316638b3a71cb6d2f36f698fc19ad99ba63e4e4d346d16b867a9cf4c70546ecf39acf3c92ad57ae0910b8beff0c3c
-
Filesize
71KB
MD5a35ce2412fd7df3e8065475defc82730
SHA11db02ed0e46299fec20b2343a0bd4211ed32217b
SHA256d6fc7c8b8bad1ecd16b14e69c4f745c759de2663bd00c9e01554a2153a28e2db
SHA51264331a7223554dc986f3804e4945d2a478170acfc6bc3955cef0e80a4e9d99fb73dfddbce1005ed0405e8c1ea6734bfdffdbd19aca9d833f7729854c2b2c8628
-
Filesize
151KB
MD5a2861c89f56c7fe6bf54018f79759dce
SHA1c21313ae7665c7fef07f7de9c2346defc97efe1f
SHA2567bf06e4d053de6997db3bd98a622e8e364b557bd4b449f33c001d6a9e6e90cd9
SHA512fc0435605109830adde713402b18411adeb7dd54db7f9fb77b3c49c05e00cd22b19358f41a44d26435f3df3ff5dfa74c9c3d7ea59066a4933b15d0456f7bb20f
-
Filesize
152KB
MD5165cf39256b3ff6dea92eb578d9c414f
SHA17f3b452808973f9096977e7123afc7d289c49262
SHA2561ffad65440b417a14dfd1425f10c22afb45ab4379dc769fdc7fc618d2a7a92c1
SHA5126b1b4d5790dbfef47b7ed0ab42722e384708bfbd70f23657a7eebedbfb6b95952f50e00796a56f13cea540720bd903c89a5e8aa6fdc2a3629733838f62a98245
-
Filesize
151KB
MD50e141dae671d401855632dedfd7045ea
SHA1c033c687495f1789485b8c2b6fb1e4509b94d03d
SHA256a17f31fa26805f36024c4cd49827ae1ccaa8dc3443d4e186cc6e224e33bc63ac
SHA5124697f437703eda0c564ef592a513574829b24e227dedd04653546b37ffb41c6d8f82fb9e355beb4466458804a472b567368c6e974a3cd1b51190c8b38e3a5d17
-
Filesize
32KB
MD5b6a03576e595afacb37ada2f1d5a0529
SHA1d598d4d0e70dec2ffa2849edaeb4db94fedcc0b8
SHA2561707eaf60aa91f3791aa5643bfa038e9d8141878d61f5d701ebac51f4ae7aaad
SHA512181b7cc6479352fe2c53c3630d45a839cdeb74708be6709c2a75847a54de3ffc1fdac8450270dde7174ecb23e5cb002f8ce39032429a3112b1202f3381b8918c
-
Filesize
88KB
-
Filesize
88KB
-
Filesize
44KB
-
Filesize
88KB
-
Filesize
88KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
88KB
-
Filesize
88KB
-
Filesize
1.1MB