Overview

overview

7

Static

static

3

ff21ecdc02...18.exe

windows7-x64

7

ff21ecdc02...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2024, 11:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ff21ecdc027f0f712ca4c84b399fdd35_JaffaCakes118.exe

  • Size

    260KB

  • MD5

    ff21ecdc027f0f712ca4c84b399fdd35

  • SHA1

    29c4730a3042ae18bcffd5f114a6a1b4eaa9e97c

  • SHA256

    825007dd6e40717b2c85ec92ad791837417a4afa85f4a6be88f4af6dbec6df4f

  • SHA512

    fb339b32f7bc327f288c912ea2aaa72d9fcebb899c7b111f09ca7a13ab0fe9378cb5c590141f69475ea0236fb18e83908016533760245abdf7dc9c16114d4c69

  • SSDEEP

    6144:kfzzsA7p/mYVU53gLVi0BHWjGJO5ItK/z+gzR50t28py6d/KXn:Az4A7p/m6qwLs0BHYGJO5It6zVStNy6O

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff21ecdc027f0f712ca4c84b399fdd35_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ff21ecdc027f0f712ca4c84b399fdd35_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4944
    • C:\Windows\Fouad.exe
      C:\Windows\Fouad.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4300

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Fouad.exe
          Filesize

          260KB

          MD5

          ff21ecdc027f0f712ca4c84b399fdd35

          SHA1

          29c4730a3042ae18bcffd5f114a6a1b4eaa9e97c

          SHA256

          825007dd6e40717b2c85ec92ad791837417a4afa85f4a6be88f4af6dbec6df4f

          SHA512

          fb339b32f7bc327f288c912ea2aaa72d9fcebb899c7b111f09ca7a13ab0fe9378cb5c590141f69475ea0236fb18e83908016533760245abdf7dc9c16114d4c69

          Download Submit

        • C:\Windows\dir
          Filesize

          84B

          MD5

          fc21212227b1ff366fee58a307b3c670

          SHA1

          033855f29e7e02c67a72fd3070b9dc62cff3151f

          SHA256

          95faf903f015319b221d267fdef679b4c4cc31dec9954ab48a0206e83cf97ba5

          SHA512

          144b944ae3c31fb8415dc6af67a5f091e84265c53fa15d056adee4b02fc31669b4282da226de9e0a4f02080b440dae23aabbe586732e1c8e33e986b533d129eb

          Download Submit

        • C:\Windows\name
          Filesize

          5B

          MD5

          7b0144a4add0a8209e84c264af4ea632

          SHA1

          c1a447c1e1dc9ccd4faa488e69984eed65835b0c

          SHA256

          dca7613917f0dbe8dfce3d38815e8e81acaf56901ab28525ac26829f47c64a29

          SHA512

          2f2ffe3ad431635fd7e4b409eb98c82d576ef465a34cee25546e0562ac6cdddb377bab3b7c746128728ca219b093ffa24fe55e25d2bf836d79e0fa9bca815b33

          Download Submit