Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/04/2024, 04:25

General

  • Target

    fbec14e2f568f22f99a07644dd24da54_JaffaCakes118.exe

  • Size

    144KB

  • MD5

    fbec14e2f568f22f99a07644dd24da54

  • SHA1

    fdfb8eac8e500ee54b324cb98f1fc4bf3d6ea190

  • SHA256

    a635cfa11466cb3a796973e02d1b7d9c021b86f7f154ee67ed3332bae21f294c

  • SHA512

    138c1da3d8bd1d2c852470340dca6f5f1ecddc9071d654c29d7c4a34036f115deb8044c708db1ce4f5370c5f96bc5812c2684e3b0d5fb8336a0a147d5d6cdbee

  • SSDEEP

    3072:Xpn6CcWd5gVUL5mynf1lFCm8hlJvzMwgv21jWE5j4oQxc:XpnU21Cm8hlJvzMwgvkdu

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fbec14e2f568f22f99a07644dd24da54_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fbec14e2f568f22f99a07644dd24da54_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\nuoehod.exe
      "C:\Users\Admin\nuoehod.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1756

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\nuoehod.exe

    Filesize
    144KB

    MD5
    8c6a0d2132eb3c8db90d04951f3f3f08

    SHA1
    b04bd6745f802bc57a05414ea180056f8719dd25

    SHA256
    c392e99ddef65991442d7fe304b39dfe574d510383b7ce1bc592c56ade6df3b5

    SHA512
    eedad8364b3e1c69d97a046f5f4160a946f20957e66d3cf76c10a6c818ff89721ce78850a179e95fe633ef50e4fb8418896b3407664adfcd7e6dd1c5db228f1e
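Added example, not part of the sandbox report: an offline hunt that turns the findings above (known hashes, the dropped nuoehod.exe, Run-key persistence, Explorer hidden-file tampering) into checks over Sysmon-style events. The hashes and the dropped-file path are copied from the report; the event records are constructed for the demo, and the registry locations (the CurrentVersion\Run key and the Explorer\Advanced Hidden/ShowSuperHidden values) are the standard Windows keys assumed here, since the report names the behaviours but not the exact values it observed.

```python
"""Offline IoC hunt built from the sandbox findings above (added example,
not the sandbox's own code). Event records are constructed, and the
registry key names are assumed standard locations, not values from the
report."""
import hashlib
import re

# Hashes copied from the report: the submitted sample and the file it dropped.
KNOWN_HASHES = {
    "fbec14e2f568f22f99a07644dd24da54": "submitted sample (MD5)",
    "a635cfa11466cb3a796973e02d1b7d9c021b86f7f154ee67ed3332bae21f294c": "submitted sample (SHA256)",
    "8c6a0d2132eb3c8db90d04951f3f3f08": "dropped nuoehod.exe (MD5)",
    "c392e99ddef65991442d7fe304b39dfe574d510383b7ce1bc592c56ade6df3b5": "dropped nuoehod.exe (SHA256)",
}
DROPPED_PATH = r"C:\Users\Admin\nuoehod.exe"  # from the report's process tree

# Assumed standard registry locations for the two behaviours the report flags.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
EXPLORER_ADV_RE = re.compile(r"\\Explorer\\Advanced\\(Hidden|ShowSuperHidden)$", re.IGNORECASE)
DWORD_RE = re.compile(r"DWORD \((0x[0-9a-f]+)\)", re.IGNORECASE)


def parse_sysmon_hashes(field):
    """'MD5=..,SHA256=..' -> {'MD5': '..', 'SHA256': '..'} with lowercased digests."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def check_process_event(ev):
    """Sysmon Event ID 1: flag known hashes and execution from the dropped path."""
    findings = []
    for value in parse_sysmon_hashes(ev.get("Hashes", "")).values():
        if value in KNOWN_HASHES:
            findings.append(f"process {ev['Image']} matches {KNOWN_HASHES[value]}")
    if ev.get("Image", "").lower() == DROPPED_PATH.lower():
        findings.append(f"dropped-file path executed: {ev['Image']}")
    return findings


def check_registry_event(ev):
    """Sysmon Event ID 13: flag Run-key persistence and Explorer visibility tampering."""
    findings = []
    target, details = ev.get("TargetObject", ""), ev.get("Details", "")
    if RUN_KEY_RE.search(target):
        note = f"Run-key persistence: {target} -> {details}"
        if DROPPED_PATH.lower() in details.lower():
            note += " (points at the dropped executable)"
        findings.append(note)
    m = EXPLORER_ADV_RE.search(target)
    if m:
        d = DWORD_RE.search(details)
        val = int(d.group(1), 16) if d else None
        name = m.group(1).lower()
        # Hidden=2 hides hidden files; ShowSuperHidden=0 hides protected OS files.
        # Hidden=1 is a user turning hidden files back on, so it must not fire.
        if (name == "hidden" and val == 2) or (name == "showsuperhidden" and val == 0):
            findings.append(f"Explorer hidden-file visibility disabled via {target}")
    return findings


def hunt(events):
    """Run every event through the matching check; returns the list of findings."""
    findings = []
    for ev in events:
        if ev.get("EventID") == 1:
            findings.extend(check_process_event(ev))
        elif ev.get("EventID") == 13:
            findings.extend(check_registry_event(ev))
    return findings


def identify_file(data):
    """Hash a recovered file's bytes and name the report artefact it matches, if any."""
    for algo in ("md5", "sha256"):
        if hashlib.new(algo, data).hexdigest() in KNOWN_HASHES:
            return KNOWN_HASHES[hashlib.new(algo, data).hexdigest()]
    return None


# Constructed Sysmon-style events mirroring the report's process tree (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 2220,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\fbec14e2f568f22f99a07644dd24da54_JaffaCakes118.exe",
     "Hashes": "MD5=FBEC14E2F568F22F99A07644DD24DA54,SHA256=A635CFA11466CB3A796973E02D1B7D9C021B86F7F154EE67ED3332BAE21F294C"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\nuoehod",
     "Details": r"C:\Users\Admin\nuoehod.exe"},
    {"EventID": 1, "ProcessId": 1756, "Image": r"C:\Users\Admin\nuoehod.exe",
     "Hashes": "MD5=8C6A0D2132EB3C8DB90D04951F3F3F08,SHA256=C392E99DDEF65991442D7FE304B39DFE574D510383B7CE1BC592C56ADE6DF3B5"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},  # benign change, must not fire
]

if __name__ == "__main__":
    for line in hunt(SAMPLE_EVENTS):
        print(line)
```

The benign final event (Hidden set back to 1) is there deliberately: a rule that fires on any write to the Explorer\Advanced key is noisy, so the check keys on the value that actually hides files. Swap SAMPLE_EVENTS for events exported from a real Sysmon channel to use it against a host.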