Overview

overview

7

Static

static

3

df2e1a5648...18.exe

windows7-x64

7

df2e1a5648...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-04-2024 07:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    df2e1a5648b130f214e61c251d710188_JaffaCakes118.exe

  • Size

    158KB

  • MD5

    df2e1a5648b130f214e61c251d710188

  • SHA1

    e3b705fb05cd816d012362798ec5deea57f7a483

  • SHA256

    46ca77c13ede88ed1dc4be9b4cc30c743288533e11b54a6e7139123a19ce8f47

  • SHA512

    dd380774c8c3dc2219b9109e5886382d5919a1b1dc13b8352d4835ee3d90a1c9e445b3360a9c62ed21d88da60e41945eebbed19e49443ea47cbc98dcaba1ce86

  • SSDEEP

    3072:qKtfDwsjPThTYszDH2fHVUcdPuPHfEjETjPNtSweAhPXjSvZmXHlfHYTo:BtfDwsjPThT5zL2dBUPHfAETTNt2Apz0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\df2e1a5648b130f214e61c251d710188_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\df2e1a5648b130f214e61c251d710188_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:872
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a32E7.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4804
      • C:\Users\Admin\AppData\Local\Temp\df2e1a5648b130f214e61c251d710188_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\df2e1a5648b130f214e61c251d710188_JaffaCakes118.exe"
        3⤵
        • Executes dropped EXE
        PID:4440
    • C:\Windows\Logo1_.exe
      C:\Windows\Logo1_.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:688
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 668
        3⤵
        • Program crash
        PID:212
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 688 -ip 688
    1⤵
      PID:4744

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\7-Zip\7zFM.exe
      Filesize

      989KB

      MD5

      684f48bdfd22748ef23c2fbd1628357e

      SHA1

      a3d0e405d103c363f1efbe68c2e3888349002ec2

      SHA256

      5ca2dcde50de230f4cae444db23b18d7182789e66feaf7ea31e78e0df6d4b78f

      SHA512

      778ab693b4e12c1b4ee40294df5c3ae7f04f0e8fab70f4fd5739cd30df71d4137fb93d84673466159c77863f4d54c7b4a66e2bb3a18a42974bebec72f527e311

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$a32E7.bat
      Filesize

      614B

      MD5

      ee5e4ba27a073a3b7eff6a57c483590f

      SHA1

      892037808ac6262e1f4180c0f67c9525970e20c4

      SHA256

      6613a926f5805e331f596747cb1ce55c484e8a944c6a0a4507feee468754b8db

      SHA512

      fb63fc82d3d3a5dcddeba6100edc5efb43a3a5202e150f36f056d471bab36e749b8f61be25e0feed0d18beb61659e5cec013c16b56410364c6ad669ec5e2552e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\df2e1a5648b130f214e61c251d710188_JaffaCakes118.exe.exe
      Filesize

      100KB

      MD5

      5cb5adb9d9b10cc96ca71e9dce5e5085

      SHA1

      37175531b42ce7dded08b25e9ea1508d1d610cdf

      SHA256

      88284e1badbb2d64c763cfa3cd2c25a3d4985396bed091f042ee00a83cfc23af

      SHA512

      e611f97a279ef274c5282560767bc922d514fc9ea5bace40ff8c517d13dc749a9c73b9fd4b4ee629270d9999a18e9c6f683bb35f5c1ffd484c2fa5e2b8e5aad2

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      58KB

      MD5

      c9744814ccdabc3274e7562e65ef2d47

      SHA1

      ac3c9e04ea4049aed591e33e11ebddea97e50d27

      SHA256

      8fece78c786e66ea55e43a96ca72687aec61eb7e83e9b748572c95ea793a9ce8

      SHA512

      f5b5dc9a737a1ef82d029c0d37864725253d1e28aa45231002f2d4054069dcec5e820d9630fafab8a004142eb41ea584487331ef435d14d2bbdfbd42825056ec

      Download Submit

    • memory/688-118-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB

      Download

    • memory/872-6-0x0000000000400000-0x0000000000422000-memory.dmp

      Filesize

      136KB

      Download