Overview

overview

10

Static

static

1

0597ef64bb...18.exe

windows7-x64

10

0597ef64bb...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/04/2024, 16:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0597ef64bbe482a92adb1909eba8f923_JaffaCakes118.exe

  • Size

    435KB

  • MD5

    0597ef64bbe482a92adb1909eba8f923

  • SHA1

    d874159f809c6709bbf4b820fa1f60bb006afa3d

  • SHA256

    137b4ef415e3a38d4d40322fb9c9dc3a1ffb4828d38224fe5a625a84376b885e

  • SHA512

    1b4478a7d9e4c8666e6f91ff676fb339a3f3c726c21e3748bc0d691dbc5c0f020598edf6d97a9a16663f54513e29527e343ecb8a36a6485db6123ef85961ba39

  • SSDEEP

    12288:KKz4hAmKw0Li7et1ZeV7wAiNMh+toQZwTaFP3WNJjc9ho/:KKzRDw0L0G1ZOwAiNU+edGxIi2/

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0597ef64bbe482a92adb1909eba8f923_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0597ef64bbe482a92adb1909eba8f923_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Documents and Settings\tazebama.dl_
      "C:\Documents and Settings\tazebama.dl_"
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\autorun.inf
    Filesize

    126B

    MD5

    163e20cbccefcdd42f46e43a94173c46

    SHA1

    4c7b5048e8608e2a75799e00ecf1bbb4773279ae

    SHA256

    7780bee9df142a17e0457f3dcb2788b50fc2792370089335597d33719126fb7e

    SHA512

    e5ac0ff6b087857799ab70f68067c9dc73eeb93ccfcad87047052380b95ade3e6eb2a7d01a0f850d548a39f4b1ebb60e299d603dbe25c31b9a3585b34a0c65a8

    Download Submit

  • C:\zPharaoh.exe
    Filesize

    152KB

    MD5

    b35a5a62d957e517aca77c5e84a82a7b

    SHA1

    c1b91566695889118e9453516caea9be5b0486c2

    SHA256

    4acf9f743bb8bfcc576dc553487617c5a628b07c282ae85129fea977b4958d31

    SHA512

    37f67bb0a15529450a17e8dc89623ababa4317f7c6f1c324fb27723b753e0f17ba79e22d29f596e315bc02adfa2ce9ae064fda3555fbf68f04a0b6d1d7e26557

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-2297530677-1229052932-2803917579-1000\RCX18B1.tmp
    Filesize

    69KB

    MD5

    8ba404e90194c38541e324657e72f74c

    SHA1

    ad9fda28f95b7747579a7fbb8a18e1d1e6311a49

    SHA256

    8145e4c62390f9c55343cc6dadb790dc2cb9463c4f578fa57bf43f12c4720340

    SHA512

    1f594ebb6b970c9cb86b97d642351106a52db407c6e90db7391b50e97a1136e5ba13aeec66c9b985192c377d8c5c70d3746a00f37bcc83855fea316cf8d82362

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-2297530677-1229052932-2803917579-1000\S-1-5-21-2297530677-1229052932-2803917579-1000 .exe
    Filesize

    151KB

    MD5

    9bcdd7d399921be361dbdde6cd2db1e0

    SHA1

    39584c4196d9acca1997cdc0dfd627ab09f2f6b0

    SHA256

    9a2424d27b083710eadee097d687cf3aae40bb603700e481ec9f08afe79afe93

    SHA512

    0ac82ff5addd706d22b6f88031831ad3155c363cfd65b3490dc76fc347e063d5c11f5414ba557cf210eb25287a97b2454b4c7c36e982c8de169628b35ec5c5ad

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-2297530677-1229052932-2803917579-1000\WinrRarSerialInstall.exe
    Filesize

    72KB

    MD5

    78589d293ee9bb5fc11715756b907063

    SHA1

    99e4ea8cec3795a1122a42fc581cc5b4c6e7bdd3

    SHA256

    804f94e97d000635d9306da423eaad7b52e48f97c090c2e91eb56fb7443dbaca

    SHA512

    8328242b140fecfe7cbcd516b05bb2292bf99ead4242a3cca008e188ca4414f0450a76fb075a54fc6bdf14a97e8ee0940f18ae26c6f7f2c8ad7463159af8ab22

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-2297530677-1229052932-2803917579-1000\WinrRarSerialInstall.exe
    Filesize

    151KB

    MD5

    3fe23a27e1060680d944f516d24475c0

    SHA1

    c21fd8506fed8dbfb2937ac8592ca66fcfa7d31d

    SHA256

    3d2ce58fddd9d4113a080c65f7aa2d4e3a52dcd16d2c279c47e9f34ef2ad8a2c

    SHA512

    62a65c8acbc1109f9c702b556bbdb67b092cb325a330920ae5211f98811c91690260126201464eba6f8290115403692f631c39960ec6b193be59aca06506cb8a

    Download Submit

  • F:\zPharaoh.exe
    Filesize

    152KB

    MD5

    a770458b2e9e0ece9187b20219d349d2

    SHA1

    7e4c2cb6b046963b57f18fb515ffade47df88d34

    SHA256

    c0a802122f07c9944cd3ea6b752c090f86d1b86dba68b32fe8439e7e14e38705

    SHA512

    e7c6970bc017151dab389c2faefc6e0ad6640093faa99eabb4282a898cbccfe4b007fe999e6a1004827128d51242acc1635a133ce8f0d63cd1559be21f7b3d57

    Download Submit

  • \Users\tazebama.dl_
    Filesize

    151KB

    MD5

    90a07b4d2b96d88a55158acc9a67c905

    SHA1

    c019fb8595572c96b698779e2f7ff686688f8c70

    SHA256

    f93d0d8b468081aa693149e54a67b2a399d93e2f135fc6f65c78090c52bb31b7

    SHA512

    1b726c782aeb31142bc7eed191803e671e6d65d49928b8427bacdddba1368bf68cb4b35722b8473fbb003c5461b5960566f859a970c0bedc625145bbdb760b45

    Download Submit

  • \Users\tazebama.dll
    Filesize

    32KB

    MD5

    b6a03576e595afacb37ada2f1d5a0529

    SHA1

    d598d4d0e70dec2ffa2849edaeb4db94fedcc0b8

    SHA256

    1707eaf60aa91f3791aa5643bfa038e9d8141878d61f5d701ebac51f4ae7aaad

    SHA512

    181b7cc6479352fe2c53c3630d45a839cdeb74708be6709c2a75847a54de3ffc1fdac8450270dde7174ecb23e5cb002f8ce39032429a3112b1202f3381b8918c

    Download Submit

  • memory/2292-15-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2292-0-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2292-16-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2292-12-0x0000000000240000-0x0000000000257000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2292-13-0x0000000000240000-0x0000000000257000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2292-82-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2728-14-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2728-81-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download