Overview

overview

8

Static

static

3

efec83c1a2...18.exe

windows7-x64

8

efec83c1a2...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-04-2024 00:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    efec83c1a2b5287f71d49dacbd0e0cb2_JaffaCakes118.exe

  • Size

    68KB

  • MD5

    efec83c1a2b5287f71d49dacbd0e0cb2

  • SHA1

    516efe382303a7d862a2ff16114eb9291ca82e2e

  • SHA256

    32dd41714a7bfa451f54ab53e1ccd560c96b2ece4b9360f2b3d39553bfe6e9c0

  • SHA512

    1153b5dcc4b73b5092bb0d6e1356210a896a094599c6ca52071783d0392a1544f0f1925f91c93ec2d3312391861b9cc5f1214ade8091ebbdbcd6ccfd5d888d7e

  • SSDEEP

    1536:7azZfromYUFbSO5Km2vev2jev5yIqRtPDacT:7aVyU8OiWOjvIqRtPDacT

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 6 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\efec83c1a2b5287f71d49dacbd0e0cb2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\efec83c1a2b5287f71d49dacbd0e0cb2_JaffaCakes118.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:2900
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k Workstain
    1⤵
    • Sets DLL path for service in the registry
    • Deletes itself
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:2788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\Workstain.dll
    Filesize

    77KB

    MD5

    cac51f658b43d77d27e4c19e7fd51052

    SHA1

    5ed9900cc144bb8737b200148554c3560d422819

    SHA256

    c271e7c490d8176ac1d6b0722a75200108eb38a3cf5fe8086186733a34819c99

    SHA512

    4d7183cf733951881ec405b57f4344fe7d76963a4817d74fe8a462dc85c54e11ab5889cacae1f576555908d310149eea63e056f6ee46afd89c40b4c7aedf9684

    Download Submit

  • memory/2788-8-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2900-0-0x0000000000400000-0x0000000000406200-memory.dmp

    Filesize

    24KB

    Download

  • memory/2900-4-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2900-7-0x0000000000400000-0x0000000000406200-memory.dmp

    Filesize

    24KB

    Download