Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2024 06:42

General

  • Target

    b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    b7516b479f88d9b9b5ad6a5293a4c0b0

  • SHA1

    7bd26f1215bc64d6471adfd55c259493f17fc3b8

  • SHA256

    00b36e7439c5d81198923d6ee2c5cfac0b4263280adeff9e266654a3c476955a

  • SHA512

    b4189be8dd46e15f3e06f49d5bc7514123e33d44d7901cd1b14aa8aab35ba2166ae91814a0a8c7dd2edd25fd432613936380f1ea884e075f3f80ad9731cd46b3

  • SSDEEP

    384:mprr1gkDCgSzXuBsrQMkEHm1aA+fKSWuKB:UrVDCSPh1atthC

Malware Config

Signatures

  • Detected Xorist Ransomware 4 IoCs
  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

  • Xorist family
  • Drops file in Drivers directory 7 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:2128

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

    Filesize

    21B

    MD5

    9e42f042703a1218d6c240e86a10bce7

    SHA1

    d93dfb855aa63b2fa1b925823bfd0916516bf0ff

    SHA256

    45bd101248b2229f07b513f133793e875bb4c66b578e674300cc7ddced1ddfb3

    SHA512

    0d0b0de68e23e9e3b34c74d2f32126cfff94c4b205a06522389953af0f9cff8f434f3623d4823ee78d07b6d60d0b6fe451918e715fce9fc81965ba42f0b3771d

  • memory/2128-0-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/2128-4766-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/2128-4767-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/2128-4768-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/2128-4770-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB