9fd042002a32f492be703ed3f8a47f348053dfc31ab9d99bde3d0750bb0f943f

Analysis

max time kernel
142s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f09771b2200cfcc54242e1fb9b5c22ea_JaffaCakes118.exe
Size

2.8MB
MD5

f09771b2200cfcc54242e1fb9b5c22ea
SHA1

fa46803c650b92ef4849004124c7b13200d3379a
SHA256

9fd042002a32f492be703ed3f8a47f348053dfc31ab9d99bde3d0750bb0f943f
SHA512

417eab48d624dace57ccdafdd5bcf1811df0e4e2e1083183ea3e7fe0a0a2e53cffe6ae40a3a2c24fc03cffb01d5239342819db9fa5c30d34e67d4c05f5180809
SSDEEP

49152:Kr3qtuHaqcWb2v4uTKLvve4DCf94Ui0tfDq5rsKCqvZ41ABuDzt9dDZmmyW:KrM71i2AsKLvW4mZxO5ZLINDJ97mw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4036-0-0x0000000000400000-0x0000000000638000-memory.dmp	upx
behavioral2/memory/4036-2-0x0000000000400000-0x0000000000638000-memory.dmp	upx
behavioral2/memory/4036-4-0x0000000000400000-0x0000000000638000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 6 IoCs

pid	pid_target	Process	procid_target
4048	4036	WerFault.exe	84
2756	4036	WerFault.exe	84
1884	4036	WerFault.exe	84
316	4036	WerFault.exe	84
2024	4036	WerFault.exe	84
3588	4036	WerFault.exe	84

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4036	f09771b2200cfcc54242e1fb9b5c22ea_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f09771b2200cfcc54242e1fb9b5c22ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f09771b2200cfcc54242e1fb9b5c22ea_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 740
  2⤵
  - Program crash
  PID:4048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 768
  2⤵
  - Program crash
  PID:2756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 1400
  2⤵
  - Program crash
  PID:1884
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 1420
  2⤵
  - Program crash
  PID:316
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 1376
  2⤵
  - Program crash
  PID:2024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 1428
  2⤵
  - Program crash
  PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4036 -ip 4036
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4036 -ip 4036
1⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4036 -ip 4036
1⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4036 -ip 4036
1⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4036 -ip 4036
1⤵
PID:8

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4036 -ip 4036
1⤵
PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4036-0-0x0000000000400000-0x0000000000638000-memory.dmp

Filesize
2.2MB

Download
memory/4036-1-0x0000000002A10000-0x0000000002B60000-memory.dmp

Filesize
1.3MB

Download
memory/4036-2-0x0000000000400000-0x0000000000638000-memory.dmp

Filesize
2.2MB

Download
memory/4036-3-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/4036-4-0x0000000000400000-0x0000000000638000-memory.dmp

Filesize
2.2MB

Download
memory/4036-6-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download