Overview

overview

8

Static

static

3

efec83c1a2...18.exe

windows7-x64

8

efec83c1a2...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-04-2024 00:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    efec83c1a2b5287f71d49dacbd0e0cb2_JaffaCakes118.exe

  • Size

    68KB

  • MD5

    efec83c1a2b5287f71d49dacbd0e0cb2

  • SHA1

    516efe382303a7d862a2ff16114eb9291ca82e2e

  • SHA256

    32dd41714a7bfa451f54ab53e1ccd560c96b2ece4b9360f2b3d39553bfe6e9c0

  • SHA512

    1153b5dcc4b73b5092bb0d6e1356210a896a094599c6ca52071783d0392a1544f0f1925f91c93ec2d3312391861b9cc5f1214ade8091ebbdbcd6ccfd5d888d7e

  • SSDEEP

    1536:7azZfromYUFbSO5Km2vev2jev5yIqRtPDacT:7aVyU8OiWOjvIqRtPDacT

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 6 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\efec83c1a2b5287f71d49dacbd0e0cb2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\efec83c1a2b5287f71d49dacbd0e0cb2_JaffaCakes118.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:208
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k Workstain
    1⤵
    • Sets DLL path for service in the registry
    • Deletes itself
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:3028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Workstain.dll
    Filesize

    77KB

    MD5

    d52c9831629e33675d18881a04c9dd65

    SHA1

    e0048ed2a6191941e478f7e0e26c8d5f7a0a9313

    SHA256

    fbe95c5eb167bfef3f5787ddfa0ecaf53cccf24678ba21393d64edcb2eeaf322

    SHA512

    1ddd2589d6a68934569225be7efda340e961bfdde4ed036bfcc17b881f3f9df573af96149665bf54a8b9b07e3febf122bcbf7295db40789c02055e4c278ea61a

    Download Submit

  • memory/208-0-0x0000000000400000-0x0000000000406200-memory.dmp

    Filesize

    24KB

    Download

  • memory/208-3-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB

    Download

  • memory/208-9-0x0000000000400000-0x0000000000406200-memory.dmp

    Filesize

    24KB

    Download

  • memory/3028-8-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB

    Download