Overview

overview

7

Static

static

1

612fbe90dc...18.exe

windows7-x64

7

612fbe90dc...18.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 22:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    612fbe90dc8eb6ed653525d1bb831f1d_JaffaCakes118.exe

  • Size

    258KB

  • MD5

    612fbe90dc8eb6ed653525d1bb831f1d

  • SHA1

    be8e8f795144d6dad3375ef7f9765a04000950f1

  • SHA256

    3b89c0398f3ff27ab94ef8ee00222a26452771ef5a3ad19c9165c11be5dee46b

  • SHA512

    c4876d328f67efd3e29f378422dc1c8f2ac41086228cf95d7f1b6d7143b8b51253318869aea7c4ac2240c21c34f273c6b56a112daf666a09823901116f66627c

  • SSDEEP

    3072:zeaVr5gHqfrbmKPduWl22nimED8s1pqxt3YHADsobZph50FBRXDplTfyuURWIodS:Jr6HKbx9l2l1pqvYgwobZERHfEYhRFzg

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\612fbe90dc8eb6ed653525d1bb831f1d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\612fbe90dc8eb6ed653525d1bb831f1d_JaffaCakes118.exe"
    1⤵
    • Maps connected drives based on registry
    • Drops file in Windows directory
    PID:2416
  • C:\Users\Admin\AppData\Roaming\Political Herd\Political Herd.exe
    "C:\Users\Admin\AppData\Roaming\Political Herd\Political Herd.exe"
    1⤵
    • Executes dropped EXE
    PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Political Herd\Political Herd.exe
    Filesize

    64KB

    MD5

    77c59aaf7758b6c7cbbb408f4e5eee6f

    SHA1

    949a2ac6b70561d3ee41b577ad7604e76804c370

    SHA256

    b427de2fcdbdee478958849a47b159c2c025c320c5b6d876cd99e7a33b3a8ebb

    SHA512

    d95889bbcc8ed1f382a59abb35a017a1149ff52ee9a5fba5482aa7115053c74c340cd392129765b36c2a28431dd2062225088263ccfad0ddd9f8468ca641f582

    Download Submit

  • memory/2416-0-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2416-1-0x0000000000030000-0x0000000000031000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2416-3-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2416-2-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2416-4-0x0000000000210000-0x0000000000239000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2416-9-0x0000000000210000-0x0000000000239000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2416-5-0x0000000000270000-0x000000000029F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2416-12-0x00000000003C0000-0x00000000003E7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2416-16-0x0000000000210000-0x0000000000239000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2416-26-0x0000000000210000-0x0000000000239000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2416-28-0x0000000000210000-0x0000000000239000-memory.dmp

    Filesize

    164KB

    Download