Overview

overview

8

Static

static

3

3b8a308e37...18.exe

windows7-x64

8

3b8a308e37...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/05/2024, 18:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3b8a308e37cc4b3b8a14295d565b5f47_JaffaCakes118.exe

  • Size

    337KB

  • MD5

    3b8a308e37cc4b3b8a14295d565b5f47

  • SHA1

    b1f70d0efffb718975b616f8c91ea22e0e2bd506

  • SHA256

    20e62ed17ca794095e63da91f59ba3a5473064bb894a911ea3cfa437bca7e9fc

  • SHA512

    c9871a5164f7be30c932c93828687545a5aefd49292b3dd1034dbe2766e6898a12f7f6ccb408e42334c84a1f8080dd08b014f788b6d4451ac954bd513cd6207f

  • SSDEEP

    6144:jYJbOaUmbGk1FImOkYv4JHMzyp4Tnmhgbig7:0JbOYBXImTJHMzWhpg7

Score
8/10
executionpersistence

Malware Config

Signatures

  • Creates new service(s) 2 TTPs
    persistenceexecution
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b8a308e37cc4b3b8a14295d565b5f47_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3b8a308e37cc4b3b8a14295d565b5f47_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "sc create "3b8a308e37cc4b3b8a14295d565b5f47_JaffaCakes118" binPath= "C:\Users\Admin\AppData\Local\Temp\3b8a308e37cc4b3b8a14295d565b5f47_JaffaCakes118.exe" start= auto && sc start "3b8a308e37cc4b3b8a14295d565b5f47_JaffaCakes118" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Windows\SysWOW64\sc.exe
        sc create "3b8a308e37cc4b3b8a14295d565b5f47_JaffaCakes118" binPath= "C:\Users\Admin\AppData\Local\Temp\3b8a308e37cc4b3b8a14295d565b5f47_JaffaCakes118.exe" start= auto
        3⤵
        • Launches sc.exe
        PID:940
      • C:\Windows\SysWOW64\sc.exe
        sc start "3b8a308e37cc4b3b8a14295d565b5f47_JaffaCakes118"
        3⤵
        • Launches sc.exe
        PID:3020
  • C:\Users\Admin\AppData\Local\Temp\3b8a308e37cc4b3b8a14295d565b5f47_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\3b8a308e37cc4b3b8a14295d565b5f47_JaffaCakes118.exe
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:2980

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\hqlA14E.tmp
          Filesize

          172KB

          MD5

          685f1cbd4af30a1d0c25f252d399a666

          SHA1

          6a1b978f5e6150b88c8634146f1406ed97d2f134

          SHA256

          0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

          SHA512

          6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

          Download Submit

        • memory/2220-0-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/2220-4-0x00000000004A0000-0x0000000000513000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2220-12-0x00000000004A0000-0x0000000000513000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2220-11-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/2980-5-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/2980-9-0x0000000000240000-0x00000000002B3000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2980-13-0x0000000000240000-0x00000000002B3000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2980-15-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/2980-20-0x0000000000240000-0x00000000002B3000-memory.dmp

          Filesize

          460KB

          Download