Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/05/2024, 06:49

General

  • Target

    38ccf9d470fabc7f8b5cb5d809b2be79_JaffaCakes118.exe

  • Size

    72KB

  • MD5

    38ccf9d470fabc7f8b5cb5d809b2be79

  • SHA1

    4252ed198509b867a0b92bb377042d52c5dccab3

  • SHA256

    5ef7a147f719d2cc894d6748b832d02c0d70ebe9fa33d3ad049e0113ef4f0c11

  • SHA512

    f23f3e5db374d836600394ef660ac6739c476f8fcc7492912c895056ac104d9aafad09116e2f71825b5b54be8b115bded8e2de5b44492f4253b45daa3d1fb3ba

  • SSDEEP

    768:mqrPvh/VXqdvbBy8+2tFt7MCWlGivdZxe1JUQ2nzc4+eyWCmGEC633QnvedpGlru:UDzNFudGivjszTmzhCmGu33QnvqIRnh

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38ccf9d470fabc7f8b5cb5d809b2be79_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\38ccf9d470fabc7f8b5cb5d809b2be79_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:972
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c tr.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1940
      • C:\Program Files\dnf\dnflogin.exe
        "C:\Program Files\dnf\dnflogin.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious use of SetWindowsHookEx
        PID:1620
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1620 -ip 1620
    1⤵
      PID:2000

Network

MITRE ATT&CK Matrix

Downloads

    • C:\Program Files\dnf\dnflogin.exe

      Filesize

      72KB

      MD5

      38ccf9d470fabc7f8b5cb5d809b2be79

      SHA1

      4252ed198509b867a0b92bb377042d52c5dccab3

      SHA256

      5ef7a147f719d2cc894d6748b832d02c0d70ebe9fa33d3ad049e0113ef4f0c11

      SHA512

      f23f3e5db374d836600394ef660ac6739c476f8fcc7492912c895056ac104d9aafad09116e2f71825b5b54be8b115bded8e2de5b44492f4253b45daa3d1fb3ba

    • C:\Users\Admin\AppData\Local\Temp\tr.bat

      Filesize

      192B

      MD5

      6d3939a822668b3b93e8b4db0b8e3ece

      SHA1

      8b33418fbe5ddf9d2850d08a099bafc36e1356ea

      SHA256

      927b7a437bb5ff7e0a18a3491ceccc1ec3a22b6e89b66d439964ac1e7d0f2cc1

      SHA512

      e8cc606927a7f5e473e4cf3ae39a9d434a64393cfcf81d7ffbe365142738e1d6499ca78e87f8f2859a8b5637e1d988b56fe7b305b90881180ae3f55f338ca24a

    • C:\Windows\SysWOW64\mygod.ime

      Filesize

      25KB

      MD5

      f32a9489bddd2b4169508a179cdf01ce

      SHA1

      46173c693700221801abcf55f71f84ff37125788

      SHA256

      be1cbf616245f9cc692a15af2be235ef6557322271eda8b0952e1fb18cc92296

      SHA512

      5a810963f2577f7316e9200f7ded12cd8d4bb4661030a7d3ba982edec921db2fee624eeccf10bcd29535f73806af32940cf717ec102c42210e799336e19e7c61

    • memory/972-0-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

    • memory/1620-11-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB