Overview

overview

8

Static

static

3

f6b7effebe...18.exe

windows7-x64

8

f6b7effebe...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-04-2024 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6b7effebe4708544640c9a033a4688b_JaffaCakes118.exe

  • Size

    582KB

  • MD5

    f6b7effebe4708544640c9a033a4688b

  • SHA1

    79ae5c325c90f065ba0ad9ef43e03709bdc2aecd

  • SHA256

    7b945b5dfbfc10571d7ace8c450c5839b2539bcc753a8525333c2d21eed74990

  • SHA512

    12f3a3ed5fb04eee6343a00d22ea35517dfe8217d3cc080db8bed4ea4b8dc57069a11a9014ec41316ae0b0e7ac70e14c157cde4f80b4ea0e0b12b22196783399

  • SSDEEP

    12288:xN6pzhWifNaC3tMIYVNb3y7VjfUJhtZ6iq:OzhWifNaCmDy7t0htcL

Score
8/10
persistence

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Sets DLL path for service in the registry 2 TTPs 6 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6b7effebe4708544640c9a033a4688b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f6b7effebe4708544640c9a033a4688b_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Sets DLL path for service in the registry
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:2820
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k ofwtyp
    1⤵
    • Sets DLL path for service in the registry
    • Deletes itself
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\ofwtyp.dll
    Filesize

    76KB

    MD5

    821069abe442b8aac126572282610d31

    SHA1

    01af31ca567aa6ca719870c8239f8ab8006a0f69

    SHA256

    2d2927f7f8efd284ccdc607c3465e2fd2f622c5193338e7bc710351ee858169a

    SHA512

    90da05bb298f7fcfd70a79b804184904c4b1e02e63381074f1e1fe23ac3e95fe944ae3ea522dfbbbb8ba63a9a4c90ebc74f959e26243b951ab07a0c4a4114f74

    Download Submit

  • memory/2820-0-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2820-8-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download