Overview

overview

10

Static

static

3

fecaaf7646...18.exe

windows7-x64

10

fecaaf7646...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2024, 07:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fecaaf76466c6c481dc4510c41b37caa_JaffaCakes118.exe

  • Size

    246KB

  • MD5

    fecaaf76466c6c481dc4510c41b37caa

  • SHA1

    ed76573e6c533448709166b8978d34979456c2ac

  • SHA256

    97c7d17e68b8ff3a3d63f40362d96fa776240f9fc1f590a4f67ac2e5b1c7816f

  • SHA512

    2d834c8870ecbf1f3f78536e5c6cc143a3bcd2ad82c31d3fc5ae5593aea227d8b8046c8aa78563e2ede306d1d77a32921c0ee72c2374023fa1ad4e3d68d26206

  • SSDEEP

    6144:qqjgsaxwH+Z0H0wJCk0vYuPk1y8jL3X9BAskEv3ilPe:1ZaGHhC5wfDjxOs73

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fecaaf76466c6c481dc4510c41b37caa_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fecaaf76466c6c481dc4510c41b37caa_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4616
    • C:\Users\Admin\AppData\Local\c47eb844\X
      *0*cb*9cd54e75*69.64.52.10:53
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2744
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        3⤵
        • Modifies registry class
        PID:4516

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\c47eb844\X
          Filesize

          38KB

          MD5

          72de2dadaf875e2fd7614e100419033c

          SHA1

          5f17c5330e91a42daa9ff24c4aa602bd1a72bf6e

          SHA256

          c44993768a4dc5a58ddbfc9cb05ce2a7d3a0a56be45643d70a72bcf811b6c381

          SHA512

          e2520a53326a7d3b056e65d0cf60e9d823ffb34ca026cdddc7ea3a714f8396c53c37e13a887fc86a7dd7076c97fdfad53c3f5a68342ebc1bdec948c76bda8df3

          Download Submit

        • memory/4516-8-0x00000000012A0000-0x00000000012A8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4616-1-0x0000000030670000-0x00000000306C1000-memory.dmp

          Filesize

          324KB

          Download

        • memory/4616-2-0x00000000006C0000-0x00000000007C0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4616-9-0x0000000030670000-0x00000000306C1000-memory.dmp

          Filesize

          324KB

          Download