Overview

overview

7

Static

static

3

4ab25954b0...18.exe

windows7-x64

7

4ab25954b0...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    130s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    16-05-2024 10:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ab25954b04b29f7eff05d5f591ece7d_JaffaCakes118.exe

  • Size

    364KB

  • MD5

    4ab25954b04b29f7eff05d5f591ece7d

  • SHA1

    e532ee56f1f6784d510c77c37b8a78816b5eb212

  • SHA256

    24baa9daf9de9cae7b78bf437acc69d0ef40cf3683187b04363d3c4da8887cf8

  • SHA512

    42dd30359434719ee3270571b9204413620076d9eab8fba414208a415227c3bf04f40d2a732d29c6c17f7090cd6e782f28d77fdae41ad73474d8dcca2edae91f

  • SSDEEP

    6144:wLdfmIQ5cCnUQfrDD6dPvw2ONKp/gSDGEIZdlQmafsQQkwb8mEYo5:ufVgcCnPrv6t7YSDGEKlQmafsQQAmo5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ab25954b04b29f7eff05d5f591ece7d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4ab25954b04b29f7eff05d5f591ece7d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2460

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\weeC21.tmp
    Filesize

    259KB

    MD5

    b306ab9b08461997d0773b10327d1da4

    SHA1

    4033c7e085673cbe594d0e27b1c7bba133288f63

    SHA256

    1790962276c256c6ab98b1739a6bf730d82d9129709e75100782b8819a086749

    SHA512

    cead354d277ea86729ed9913cdc74a873bc8776cd8cc0dad20781a5aba86c30230d453127e8aaa2c99f48ceab71a8541dffa32b110de65b6199d1c2be3fbffba

    Download Submit

  • memory/2460-7-0x0000000074220000-0x000000007490E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2460-3-0x00000000003B0000-0x00000000003F6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2460-4-0x0000000074220000-0x000000007490E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2460-5-0x0000000074220000-0x000000007490E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2460-6-0x0000000074220000-0x000000007490E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2460-0-0x000000007422E000-0x000000007422F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2460-10-0x000000000C7B0000-0x000000000CF56000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/2460-18-0x000000007422E000-0x000000007422F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2460-19-0x0000000074220000-0x000000007490E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2460-20-0x0000000074220000-0x000000007490E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2460-21-0x0000000074220000-0x000000007490E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2460-22-0x0000000074220000-0x000000007490E000-memory.dmp

    Filesize

    6.9MB

    Download