Overview

overview

7

Static

static

3

5e3213e81d...18.exe

windows7-x64

7

5e3213e81d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20/05/2024, 08:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5e3213e81d58609732e196d3ae5c541e_JaffaCakes118.exe

  • Size

    833KB

  • MD5

    5e3213e81d58609732e196d3ae5c541e

  • SHA1

    54bb8f0ab2e9a5c46855d5eba5aabaa0e4f24d19

  • SHA256

    a36e70ee019e174ae9a9e69f1fd2cdfb208f9a24c84d1ab51b7efd44b073d856

  • SHA512

    4e905f4c97a22f6f7078c93c34a8262d55138097ff0851c8951079fd5852d427c5530b861edb1ec76092c445aae9c22ff878e88b0c4687541077a20d3594c91a

  • SSDEEP

    24576:MnjA7T2YCUqRzuE1VgWVPB4JY80kH3nk/R3/WAvWg:Mnm4XptjVp4J3EeAOg

Score
7/10
discoveryevasionpersistencetrojan

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e3213e81d58609732e196d3ae5c541e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5e3213e81d58609732e196d3ae5c541e_JaffaCakes118.exe"
    1⤵
    • Registers COM server for autorun
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2068

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2068-2-0x0000000000BB0000-0x0000000000D2F000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2068-9-0x0000000000BB0000-0x0000000000D2F000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2068-11-0x0000000000BB0000-0x0000000000D2F000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2068-10-0x0000000000BB0000-0x0000000000D2F000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2068-12-0x0000000000160000-0x0000000000161000-memory.dmp

          Filesize

          4KB

          Download