Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-05-2024 00:03

General

  • Target

    69153229a224c99a9b40294992d0647b_JaffaCakes118.exe

  • Size

    345KB

  • MD5

    69153229a224c99a9b40294992d0647b

  • SHA1

    7d44a1e0f6baacf40c008c2178b2485fca6a3036

  • SHA256

    218a795106b30706f8706b35374141691150acef379227e9310ea5e7ce79827b

  • SHA512

    f88d93698b19fb77947a9e684d7d3cfd521831333d2223297ac187e93aabd3a5fba4dcec9279f0a6670df9a213bd2d1431b08dd531108715abeeaa23b9b0c158

  • SSDEEP

    6144:p2NW40bKvfNHvJJ4q5kYoVNAHvditx5sxj3pix3+dC5ONWIWCF9lSde4uGUBKEO:p284hfNPUngvx9ixOdFoIWCblo3nEO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69153229a224c99a9b40294992d0647b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\69153229a224c99a9b40294992d0647b_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of WriteProcessMemory
    PID:216
    • \??\c:\9268959bb9b5201e880739\update\update.exe
      c:\9268959bb9b5201e880739\update\update.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2424

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\9268959bb9b5201e880739\update\update.exe

    Filesize

    411KB

    MD5

    918f548704dea6917a2fcf719d715596

    SHA1

    c8d0ed3b3e4ea7c5946fb6fb84b19b374930c673

    SHA256

    5bc84e81cc2164f8eb6ac540da01be55be0fc31a966be57b31acd17164cbc770

    SHA512

    d68affe0e1aa684cecbc8341c9c1d179b750fa4aca88f0fcaa5fff659c5651811ab6c02bbff53d9023fc545875084f73e62a3bbad9c501935e9cd3afbf1df0c0

  • \??\c:\9268959bb9b5201e880739\update\update.inf

    Filesize

    4KB

    MD5

    30e39e98c98c84635f94b4302fd40f85

    SHA1

    51eb8fe6219aa91d90fcf105ea7640b806c438e2

    SHA256

    70fab8484d99ad0a6effab6137a0db3af491a16f41ac44665aadb71699291abb

    SHA512

    03a7f5f65b6678e08bd275d113eaddf9b97a972c033137a2d794bbccbd5b92a8bb518d7430c8caad5729ede8ba4d878f8c3ece3e317220242d6795ca4514f84d

  • memory/216-0-0x0000000001000000-0x000000000107C000-memory.dmp

    Filesize

    496KB

  • memory/216-1-0x0000000001002000-0x0000000001003000-memory.dmp

    Filesize

    4KB

  • memory/216-36-0x0000000001000000-0x000000000107C000-memory.dmp

    Filesize

    496KB