Overview

overview

7

Static

static

3

c24ee8097f...18.exe

windows7-x64

7

c24ee8097f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04/04/2024, 20:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c24ee8097f44144666812fd4680e86b2_JaffaCakes118.exe

  • Size

    15.9MB

  • MD5

    c24ee8097f44144666812fd4680e86b2

  • SHA1

    63e31ed6836d61dc5938a7d7c38935e11a0356f5

  • SHA256

    c996e6a7c750b73478950f4ecec6a40b70ab8d6d8a28cc1608817476bed677b8

  • SHA512

    242502ccf7c244909337d83433512d6945a287ce8137ca9287d776358c76a52e67c71caadd84f7adfca7d6046a0d21a56151a34e630c6d52178c744c3822d234

  • SSDEEP

    393216:Jg7ubg7ubg7ubg7ubg7ubg7ubg7ubg7uN:KSsSsSsSsSsSsSsSN

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c24ee8097f44144666812fd4680e86b2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c24ee8097f44144666812fd4680e86b2_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\SysWOW64\reg.exe
      "C:\Windows\System32\reg.exe" ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Windows Update" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe" /f
      2⤵
      • Adds Run key to start application
      • Modifies registry key
      PID:2576
    • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
      "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2672
      • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
        "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1452
    • C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe
      "C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
    Filesize

    15.9MB

    MD5

    ced386850dea5a5fa9b30f79f45650a9

    SHA1

    45b1237e44633b378213266bc3843f0bfe6935f7

    SHA256

    2e10620f1e260b28910804a6ea00dde012b5dab7cb2d02607522ad5d53abdbc8

    SHA512

    3006d8a6851f6879e7b434fc81950f1960b34c8c238199074d94e5fe0dbd2b5d9c68ae4446d891995216c359cfdb68bdfce80173cd8e9c590ebd003542e3da79

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe
    Filesize

    1.0MB

    MD5

    a2f259ceb892d3b0d1d121997c8927e3

    SHA1

    6e0a7239822b8d365d690a314f231286355f6cc6

    SHA256

    ab01a333f38605cbcebd80e0a84ffae2803a9b4f6bebb1e9f773e949a87cb420

    SHA512

    5ae1b60390c94c9e79d3b500a55b775d82556e599963d533170b9f35ad5cfa2df1b7d24de1890acf8e1e2c356830396091d46632dbc6ee43a7d042d4facb5dad

    Download Submit

  • memory/1452-47-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1452-54-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1452-61-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1452-60-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1452-58-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1452-55-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1452-53-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1452-51-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1452-45-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1452-49-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2144-13-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2144-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2144-1-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2144-20-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2672-42-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2672-52-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2672-40-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2672-15-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-41-0x0000000000400000-0x00000000004FB000-memory.dmp

    Filesize

    1004KB

    Download

  • memory/3020-39-0x00000000002E0000-0x00000000002E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-21-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-56-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download