Analysis

  • max time kernel
    143s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/04/2024, 13:45

General

  • Target

    e2ac38009e2b33c1ade00562fb56a9c6_JaffaCakes118.exe

  • Size

    32KB

  • MD5

    e2ac38009e2b33c1ade00562fb56a9c6

  • SHA1

    1c69dc61efe09dc80c5d5d6c356f6940b6215862

  • SHA256

    9101f200d0ac7d57c0a94784d5dc25c2010fe8b9ede5dfc970312f822b2ba9ea

  • SHA512

    de67a493294030cea42dd96804bdf95d1cdd2249fabaeedac7b2413d004e43baf2b2c2d7b444b9915f331f958d730560159e54a873785cecfbc10f05aa49baec

  • SSDEEP

    384:E5P3akITPwWXS0Msm7Cml7Ai3dDJnWyQUMYeJ7q4h/takZR:YriPwWasmr3ZJnWht+4h/ta+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2ac38009e2b33c1ade00562fb56a9c6_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\e2ac38009e2b33c1ade00562fb56a9c6_JaffaCakes118.exe"
    Depth: 1
    PID: 2372
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c C:\GLSLQ.bat
      Depth: 2
      PID: 448
    • C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c C:\BHDEP.bat
      Depth: 2
      PID: 3176
      • Suspicious use of WriteProcessMemory
      • C:\RECYCLER\svchostz.exe
        Command line: "C:\RECYCLER\svchostz.exe"
        Depth: 3
        PID: 3012
        • Executes dropped EXE
        • Adds Run key to start application

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\BHDEP.bat
    Filesize: 26B
    MD5: b18ecb802e7fa042078dcee386498762
    SHA1: 8d135cc71ee968979ad70309a4116332e6610efb
    SHA256: 01cabb68cac76aff69b1a4621d7ab6beadc93ed4b2a430549ee4326fe0e79bde
    SHA512: 424e69fa57335d3e30ded9726711a4acc8ce6da68a0afa59cb1c7692221c183ea9634682e368d1b66ae3220ab7a805c0137f4e8c9ae6ed6d495ae2c39a93c690

  • C:\GLSLQ.bat
    Filesize: 118B
    MD5: c38e37b9ff09c72002377623c325063c
    SHA1: 4111ee72c6dff9e59535a43ffd4adef8e4324730
    SHA256: d4dd1f73534485be69dd4bd97f3ad081fe854e56f54b41b8b8b0a0074a728e6f
    SHA512: 32478ac3a89446a5dd1486f70a77b2e9b71dc51a1bb84f9f3d8b13646a7d06f2951bbe9392b0678433c81fea30abd389ef5a73b00202f99b38aab3febb980070

  • C:\RECYCLER\svchostz.exe
    Filesize: 32KB
    MD5: e2ac38009e2b33c1ade00562fb56a9c6
    SHA1: 1c69dc61efe09dc80c5d5d6c356f6940b6215862
    SHA256: 9101f200d0ac7d57c0a94784d5dc25c2010fe8b9ede5dfc970312f822b2ba9ea
    SHA512: de67a493294030cea42dd96804bdf95d1cdd2249fabaeedac7b2413d004e43baf2b2c2d7b444b9915f331f958d730560159e54a873785cecfbc10f05aa49baec