Analysis

  • max time kernel: 118s
  • max time network: 125s
  • platform: windows7_x64
  • resource: win7-20231129-en
  • resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted: 20-04-2024 05:02

General

  • Target: fbfbf8141bf5342327a8024313f13842_JaffaCakes118.exe
  • Size: 1.3MB
  • MD5: fbfbf8141bf5342327a8024313f13842
  • SHA1: 2dab5b1fa28096c6d21f46bc027620190842b768
  • SHA256: 2eaa434857860ba9abbca0535dd357d8688282638c57c59c12f9286b0964b1d3
  • SHA512: 6134607b49b902ac9ea434cc03b24f726d6e69a5e3aa06182a995d2a66440cfe9d923d5a1a0da00b35ca2eba343cd5671ae1eeb851b08ccca382030db7112c0f
  • SSDEEP: 24576:d/0BHgevQ1XVVxvsQ5dDBasnRD+OE4WRicJHEuSvXie2a6CiXU9/9Us:d/0BRohVVl5dDBa4EOE4WAcJjFCikR9j

Score: 7/10
Tags: upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies system certificate store 2 TTPs 9 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fbfbf8141bf5342327a8024313f13842_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fbfbf8141bf5342327a8024313f13842_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Users\Admin\AppData\Local\Temp\fbfbf8141bf5342327a8024313f13842_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\fbfbf8141bf5342327a8024313f13842_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of UnmapMainImage
      PID:2548

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 68KB
    MD5: 29f65ba8e88c063813cc50a4ea544e93
    SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
    SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
    SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 1KB
    MD5: a266bb7dcc38a562631361bbf61dd11b
    SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
    SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
    SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 65bb8dde85fd6833e990a5b1655651f8
    SHA1: 978ddf2cc0f13534dbff0f0da116df3ff26481a3
    SHA256: a6530e8a8515202a852ed6b80a9c337fc61e6839b17c5c7a07805a9d5e07dde8
    SHA512: 8293303220e878c6687c3b1bdf83c6238cd20c4cfb705318b99d87930f0b1dd37a938a4892b6b50c22a759e7e642fd6db83bc34c474bddbf03cb33418fb2381b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: bfaed95d10f5e772951287f51730d075
    SHA1: 8430b6b2e86a80b199b57e8f4feaf0554e89e1de
    SHA256: 65d4ae69ea48abeb0cbb00b64d00132e3efae28d1d9712d7e6514187af571707
    SHA512: bbbfdbfe4e69fe29b4cbc1ebf5dc9599669be0e6b14bc13cc79a95cf38feb5be19eb4353907ce13a9b9f3210575d552ef56d30a0aa140855e9f474477880171c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 242B
    MD5: cbe2c473a812f4ecc07ca9d50ac866ea
    SHA1: 2a0d103bb8041896b477488ef8b797f2de64d545
    SHA256: df7b16f7edb8d4efb135d93885081885a65130a0e26e9b18d3634f07cf05fbcd
    SHA512: aef2d392877191f610a9bb57ef0134b65235eee0535a4a86e92b457164dd77ad21485d07fc77c7425e306ceebac1f4f9643dd04c5b706043a536ba99aa28e923

  • C:\Users\Admin\AppData\Local\Temp\Tar263B.tmp
    Filesize: 177KB
    MD5: 435a9ac180383f9fa094131b173a2f7b
    SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
    SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
    SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • \Users\Admin\AppData\Local\Temp\fbfbf8141bf5342327a8024313f13842_JaffaCakes118.exe
    Filesize: 1.3MB
    MD5: ac2cf2cdb12687b65c194e977215db40
    SHA1: f96619adae67908151851a7a1993c1638685d11c
    SHA256: 79a432f8e9a17f9c3c081a30564261bb97351bc65d52c247be83efe069c25d29
    SHA512: dc6361730360aa81b1e11f8bbe3ec53218ad9f6bcd27815ac7fc3ea6dce7796b8e665eda7621f2a24b7cb2e6181a9c1b6e8fd2c057d2400b9bb05614db6502b2

  • memory/2216-14-0x00000000034C0000-0x00000000039A7000-memory.dmp
    Filesize: 4.9MB

  • memory/2216-13-0x0000000000400000-0x0000000000622000-memory.dmp
    Filesize: 2.1MB

  • memory/2216-0-0x0000000000400000-0x00000000008E7000-memory.dmp
    Filesize: 4.9MB

  • memory/2216-2-0x0000000001B10000-0x0000000001C41000-memory.dmp
    Filesize: 1.2MB

  • memory/2216-1-0x0000000000400000-0x0000000000622000-memory.dmp
    Filesize: 2.1MB

  • memory/2548-16-0x0000000000400000-0x0000000000622000-memory.dmp
    Filesize: 2.1MB

  • memory/2548-24-0x0000000003520000-0x0000000003742000-memory.dmp
    Filesize: 2.1MB

  • memory/2548-23-0x0000000000400000-0x0000000000616000-memory.dmp
    Filesize: 2.1MB

  • memory/2548-19-0x00000000002B0000-0x00000000003E1000-memory.dmp
    Filesize: 1.2MB

  • memory/2548-17-0x0000000000400000-0x00000000008E7000-memory.dmp
    Filesize: 4.9MB

  • memory/2548-169-0x0000000000400000-0x00000000008E7000-memory.dmp
    Filesize: 4.9MB