Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
10-01-2025 07:03
General
-
Target
JaffaCakes118_dde3ef9c2300ebec4b5fac503ab5acb4.exe
-
Size
908KB
-
MD5
dde3ef9c2300ebec4b5fac503ab5acb4
-
SHA1
87638ce4b31891a5e66b2482b7b0c1e2faddf7e4
-
SHA256
1af076d3e8324da6ef21fa16c24aacdb316af29d66aab0f3ab336680ecb8c1e0
-
SHA512
c94ecb5e47c928f33084721bc8fb6a689cbf1a5efba130b902562fa06174dee14ee8794d852d624a483c1a121e7953c2512d297cb8fb02939065e65d3c546b50
-
SSDEEP
12288:QqjqRBa80gi+TCUQpd6KA26mY6nltHnhm9FXRt:QwqN0gi+TCUQvHEFX3
Malware Config
Signatures
-
Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
-
Imminent family
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dde3ef9c2300ebec4b5fac503ab5acb4.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dde3ef9c2300ebec4b5fac503ab5acb4.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\model\print.exe"C:\Users\Admin\AppData\Roaming\model\print.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
908KB
MD5af3f1c0f5279a55b121fcc58e6df327e
SHA1c48e8db9e2f9b790e8262a15fb79944f7928863e
SHA2566212c805b55333baf8d45604fe1cdb6b6e279efbfaadae1241acbbfbd8150ea6
SHA512adda7badd7bff103648a54ed8091ef969c29ef140c8823e90df28f223bc9c38f96386ec688233181e9cdc19f4345e65171a4356ad0110c3c39c636a74983136a
-
Filesize
344KB
-
Filesize
344KB
-
Filesize
344KB
-
Filesize
88KB
-
Filesize
344KB
-
Filesize
160KB
-
Filesize
696KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
344KB
-
Filesize
344KB
-
Filesize
344KB
-
Filesize
32KB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
888KB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
352KB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
888KB