Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-12-2024 23:16

General

  • Target

    d41b351bddac402fe3ed324a97a6e3f7_JaffaCakes118.exe

  • Size

    711KB

  • MD5

    d41b351bddac402fe3ed324a97a6e3f7

  • SHA1

    69ec25847b08cd26f9513d0ecf0896eec447900e

  • SHA256

    063e906f774943f2321e8f00ebfd56db6c2aac7cb7300ce32b171049656f8998

  • SHA512

    70df62d8c02d9c342917761d61f9468a950f62205282074854c0544b1cb57bb43051b55aa8bd77c3ab72ac60a8deb4425da4e202b06f31398c6386fff32bb413

  • SSDEEP

    12288:wygsDEgpAAx6Eu5P5sZB04VEPNwlo/Cs4Dbazkn41GmJ73pQgTecVo8dVSg115Ru:KsDEgpUFP5QSPNwlo/8nazS41rl39ecT

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • Drops file in Drivers directory 2 IoCs
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d41b351bddac402fe3ed324a97a6e3f7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d41b351bddac402fe3ed324a97a6e3f7_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • System Location Discovery: System Language Discovery
    PID:3044

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3044-0-0x0000000000400000-0x00000000005FB000-memory.dmp

    Filesize

    2.0MB

  • memory/3044-1-0x0000000000401000-0x000000000040E000-memory.dmp

    Filesize

    52KB

  • memory/3044-2-0x0000000000400000-0x00000000005FB000-memory.dmp

    Filesize

    2.0MB

  • memory/3044-4-0x0000000000400000-0x00000000005FB000-memory.dmp

    Filesize

    2.0MB

  • memory/3044-3-0x0000000000400000-0x00000000005FB000-memory.dmp

    Filesize

    2.0MB

  • memory/3044-8-0x0000000000400000-0x00000000005FB000-memory.dmp

    Filesize

    2.0MB

  • memory/3044-7-0x0000000000400000-0x00000000005FB000-memory.dmp

    Filesize

    2.0MB

  • memory/3044-9-0x0000000000400000-0x00000000005FB000-memory.dmp

    Filesize

    2.0MB
