Overview

overview

7

Static

static

3

7a1ee6bf4d...18.exe

windows7-x64

7

7a1ee6bf4d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-05-2024 18:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a1ee6bf4dabe2fe0f414a928be28ad6_JaffaCakes118.exe

  • Size

    382KB

  • MD5

    7a1ee6bf4dabe2fe0f414a928be28ad6

  • SHA1

    bfa329578581eadc34ee7dbed660fdf5eb882a95

  • SHA256

    700d22cfe4ee01870dbb1dbb989e59e7014d8d59ea784af4c688de48e2cbff23

  • SHA512

    71beb51c9d6510f36a2189447b1a67a4596e7e0cc74d092ed1a1918bc9ae088b0c0c9dd5a7bfbec4be7d8aba8af5ac0b0270b9f694e4d1aa165e8a769d46241b

  • SSDEEP

    6144:1McaGLqwiO3S9O02uD2ZhrHNmGgs3W6kQMLnnGmHbxvvYk:1wGewiOC9FDKhrRgs3W6kznG03

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a1ee6bf4dabe2fe0f414a928be28ad6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7a1ee6bf4dabe2fe0f414a928be28ad6_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\sad24DF.tmp
    Filesize

    271KB

    MD5

    246cb7e3eb62c55cc0ab7810d0304f8d

    SHA1

    fd29cf506675689e5596a48716276aafb0fb94ec

    SHA256

    d6fd5de92ab893cb0355b37792e4f957fdc6e487a5bb4eee82019cdfc50d5356

    SHA512

    97f5933f37b054bf09851566a95bc544f5f86aef854b5347cf1a5ca31707e66ebff574abeee3dd9490d0df78cfd66f61c655c98097a8c88eaf572c8d82dcffea

    Download Submit

  • memory/2512-7-0x0000000074AB0000-0x000000007519E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2512-3-0x0000000000310000-0x0000000000358000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2512-4-0x0000000074AB0000-0x000000007519E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2512-5-0x0000000074AB0000-0x000000007519E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2512-6-0x0000000074AB0000-0x000000007519E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2512-0-0x0000000074ABE000-0x0000000074ABF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2512-13-0x000000000CA40000-0x000000000D1E6000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/2512-18-0x0000000074ABE000-0x0000000074ABF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2512-19-0x0000000074AB0000-0x000000007519E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2512-20-0x0000000074AB0000-0x000000007519E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2512-21-0x0000000074AB0000-0x000000007519E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2512-22-0x0000000074AB0000-0x000000007519E000-memory.dmp

    Filesize

    6.9MB

    Download