Overview

overview

8

Static

static

3

91592126d8...18.exe

windows7-x64

8

91592126d8...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03-06-2024 09:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    91592126d817694239ae18528aa1c349_JaffaCakes118.exe

  • Size

    769KB

  • MD5

    91592126d817694239ae18528aa1c349

  • SHA1

    68a39ce122f3ea425598d961f27012e98379803d

  • SHA256

    9a4b0207d7aec705a376b29a7334bd780069f7d10ee0ab8dc69950817d81de2d

  • SHA512

    4f279122d8769fd140dbf79f098dc5085320a0dac6a77e5d94437dfbec9df324187ea40c22efebb2d7b8fbb958f80afa9a9299ba165ec261757e91a58978e3ff

  • SSDEEP

    12288:CSQqalk9lLWwiIjJR+/pCB6CSEavf9uq0HzsYVWxY7Ow6j33b6K/W:pQqfjLWwiIjJUsW98z57z6bp/W

Score
8/10
persistenceupx

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 4 IoCs
    persistence
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 2 IoCs
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 25 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\91592126d817694239ae18528aa1c349_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\91592126d817694239ae18528aa1c349_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\windows\servicew.exe
      "C:\windows\servicew.exe"
      2⤵
      • Adds policy Run key to start application
      • Sets service image path in registry
      • Executes dropped EXE
      • Adds Run key to start application
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:2356
    • C:\windows\smart_scan.exe
      "C:\windows\smart_scan.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:2736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\servicew.exe
    Filesize

    32KB

    MD5

    b7b03a96bf6e5b27a5db2eba4e477669

    SHA1

    b94f5e2f20ae580d6d330bfe12087903aaaf8e22

    SHA256

    a11459fa470bdcc41d2f94bc385a2db0117c09051a9d4567f2643dfab62f6c4d

    SHA512

    0395e778ea53eba904ceb24d10bb0d9bd842ef1839ea9d1e6d3dfc37d107c944e3ab461264fcc1c00ce151e6d54343bffca2b4db2ff8d8d0ef1ae30c4e6c5a9f

    Download Submit

  • C:\Windows\smart_scan.exe
    Filesize

    329KB

    MD5

    ee8df1de63938957fe5d251d810c96ff

    SHA1

    ee10ee943ccad05266b7a7c6477a48daa3ef1073

    SHA256

    7ee91e95f21c574a39d9e62248fffab315d5b39c05f45d64ac90a6f38469c739

    SHA512

    5a1ce6706d7118aa0cf0795a4df834c415f1ece53ada780d6a25c842f17cfeb26e9d77fc303144a71220b92d62d208ea354320d4a6138e5a996c88c10925a4da

    Download Submit

  • C:\Windows\unrar.dll
    Filesize

    342KB

    MD5

    819189a8d40c2b9ed024551bc60341e6

    SHA1

    e43038cac48d113ec172e684ed7a965b6781f558

    SHA256

    54726968ada012c4695dfff5fc4bf8d44194720c34d091fbcd253fe09102d777

    SHA512

    c5e8768d5b4783f9eedfcc21b264f4ad78a278dd817c6dc65ada758ba313ada3b2fb4dc5ecc6e27461f05d15ef5866523eadd17d8d528a05ecc11f67b3ca738c

    Download Submit

  • C:\windows\iecomn32.dll
    Filesize

    33KB

    MD5

    72e3469553ee707aef3dcfb13b44e16c

    SHA1

    66e3933b710e417ed28c6df721818e6fa3f06490

    SHA256

    1efafb0082e6bd2cd3f82c6d1b9492acc04e026de9bb6ab875c8a2520fcb5dd1

    SHA512

    2f5692339735220d218707a648002d04603acc376107a24f9f5736fcf340d47c383f22a168318c59a9eaed49fc6c1d11e8141660dfa98de41ceb74ffdbe6d833

    Download Submit

  • C:\windows\viaud.dll
    Filesize

    10KB

    MD5

    87b1332687d631003e9d8c8c6f5bcf19

    SHA1

    451ab3a3d30d679c64c679cbb424901bcea6a088

    SHA256

    e91ad3f2c385c9e1244f93e5d6e8b2992fffa926f6e262ca4b97bb3a4c1605a6

    SHA512

    21994b52974460f91e2e9b536efdece4bbdd47bd2a8330ed24fad4175db2f1439412eb66af14807e3b526258dd66e66feb804b18abd549ddd63d29009cb8b8b2

    Download Submit

  • memory/1368-16-0x00000000020B0000-0x00000000020CD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1368-12-0x00000000020B0000-0x00000000020CD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1368-41-0x00000000027A0000-0x0000000002B7F000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/1368-48-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2356-63-0x0000000000220000-0x000000000022D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2356-93-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2356-88-0x0000000000220000-0x000000000022D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2356-89-0x0000000000420000-0x000000000043D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2356-87-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2356-20-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2356-50-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2356-64-0x0000000000420000-0x000000000043D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2736-91-0x00000000003F0000-0x00000000003FD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2736-132-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-49-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-67-0x00000000021F0000-0x000000000220D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2736-66-0x00000000003F0000-0x00000000003FD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2736-57-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-92-0x00000000021F0000-0x000000000220D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2736-90-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-65-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-59-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-51-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-53-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-96-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-102-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-108-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-114-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-120-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-126-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2736-55-0x0000000000400000-0x00000000007DF000-memory.dmp

    Filesize

    3.9MB

    Download