Overview

overview

7

Static

static

1

a407180495...18.exe

windows7-x64

7

a407180495...18.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    13-06-2024 05:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a40718049568062a27a4b65fafc47f56_JaffaCakes118.exe

  • Size

    340KB

  • MD5

    a40718049568062a27a4b65fafc47f56

  • SHA1

    8b5da5d2229515037e7b74d42ceff03d8e6a88e3

  • SHA256

    358acee4a278999b4e567c8af901b26c72103e3c52ccf3f768f08a9131125dc8

  • SHA512

    00d5ae953a1d36c19efe1b242b01ab07cab75d30a317f36f3e03e5a280efbb13356dfdd5a9feacf0b161ec0be2916e6df3f52bfb9cbd1324d4958b0226ff440c

  • SSDEEP

    6144:MoS/RRruuKggC7pHuutLa4Q4Y5GtpyW8hiekhzUND8:MTRhKggOHuELa4Q4eGtoW80LuD8

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a40718049568062a27a4b65fafc47f56_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a40718049568062a27a4b65fafc47f56_JaffaCakes118.exe"
    1⤵
    • Maps connected drives based on registry
    • Drops file in Windows directory
    PID:3044
  • C:\Users\Admin\AppData\Roaming\Believing Bevy\Believing Bevy.exe
    "C:\Users\Admin\AppData\Roaming\Believing Bevy\Believing Bevy.exe"
    1⤵
    • Executes dropped EXE
    PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Believing Bevy\Believing Bevy.exe
    Filesize

    64KB

    MD5

    988c01d600dc52a6cce0bcc83a0d65da

    SHA1

    dde9bd780f93c69b8127227358b5ccb512b7f302

    SHA256

    04bf95d11f5af19c67eb15a46e16a2fb46c418e9d2da670a9854dac5e212ad10

    SHA512

    1a2acb5542d9ceb6eef30b43912aa219da8fd06e654c43a1dd9e5bf898abcc2c27ce3d59681b47ad5f683f21c4cf096b3794e8b6575dbb78a49aaf05eb9e11c1

    Download Submit

  • memory/3044-1-0x0000000000030000-0x0000000000031000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3044-0-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3044-2-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3044-3-0x00000000000D0000-0x00000000000D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3044-4-0x00000000001F0000-0x0000000000219000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3044-5-0x0000000000220000-0x000000000024F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3044-9-0x00000000001F0000-0x0000000000219000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3044-16-0x00000000001F0000-0x0000000000219000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3044-12-0x0000000000650000-0x0000000000677000-memory.dmp

    Filesize

    156KB

    Download

  • memory/3044-25-0x00000000001F0000-0x0000000000219000-memory.dmp

    Filesize

    164KB

    Download