Overview

overview

7

Static

static

1

f9899c8421...18.hta

windows7-x64

7

f9899c8421...18.hta

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19-04-2024 04:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9899c842155a1da8f4a9f8982697531_JaffaCakes118.hta

  • Size

    11KB

  • MD5

    f9899c842155a1da8f4a9f8982697531

  • SHA1

    178d3126c0d6f5545bf92ca72d839301b94d1ae4

  • SHA256

    cfd585911a2fae0d9fe245a2b498907bb9a51dce18fa341b6c79c54dc3d75acf

  • SHA512

    051a84509bd246b57ef82e479c9685f9158c88fcaf7d67d8d33e9ca242ad6ed9a75953867303507f24a08386cbf96b47561db76b7e69f00bb52d7db6de807cbb

  • SSDEEP

    192:TUyvAba9kd2FHGExGN2e1wYwY2j8Ec0ycDZ:Tdvga2d29NxU2e1wYwY2jvsaZ

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\SysWOW64\mshta.exe
    C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\f9899c842155a1da8f4a9f8982697531_JaffaCakes118.hta"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:1444
    • C:\TestG.exe
      "C:\TestG.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\TestG.exe
    Filesize

    5KB

    MD5

    687460722900a9d2201d37eef2eaa22a

    SHA1

    11c0b191d1f68cbafdb95bf7fd58b0c2bdedb52d

    SHA256

    b7d612fa26825451e8b2761b3c5d3d38b189785f733231d27954333dc39cd4ee

    SHA512

    79f9ba169abf7eb7f2bd5cf4028a9b186b099a437b102a11dfb65ae8db30116bfa2367d36a36b20b2e63ae7c0ed0a6a26be2afa8307542013de6e6ea69fc29f5

    Download Submit

  • memory/1444-3-0x0000000003500000-0x0000000003507000-memory.dmp

    Filesize

    28KB

    Download

  • memory/1444-7-0x0000000003500000-0x0000000003507000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2576-9-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2576-12-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download