Overview

overview

7

Static

static

3

00513ae9f8...18.exe

windows7-x64

7

00513ae9f8...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/06/2024, 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00513ae9f8f4efe501fa7aa78d635486_JaffaCakes118.exe

  • Size

    745KB

  • MD5

    00513ae9f8f4efe501fa7aa78d635486

  • SHA1

    ae431161a2430eba097a29185a0e4728c1caac5b

  • SHA256

    f312c93d3b5a283804dcad78200d7f1e10d63bec4f5eb0adb495fd0e2c96eac3

  • SHA512

    d9c0fb6a517edfdca8cc1aa0017bf2d5f015090fa260f255b38d458ef2a5022de71f5c0fecbd19946a0ccc9b6674e9e8aa5cf87d122b0185bd598c2cced7b083

  • SSDEEP

    12288:QVTA3RzMTHj+3bppRfWZUPz3NsAHlo+BTUIGc8kiu0cv6oEl3S+sn5Wbg6IP:Q2RzMTD+NpRfWZUP7f7BTUIGc8ki5cvX

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00513ae9f8f4efe501fa7aa78d635486_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\00513ae9f8f4efe501fa7aa78d635486_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:332
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\uninstal.bat
      2⤵
      • Deletes itself
      PID:2632
  • C:\Windows\0xday_huigz
    C:\Windows\0xday_huigz
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\0xday_huigz
    Filesize

    745KB

    MD5

    00513ae9f8f4efe501fa7aa78d635486

    SHA1

    ae431161a2430eba097a29185a0e4728c1caac5b

    SHA256

    f312c93d3b5a283804dcad78200d7f1e10d63bec4f5eb0adb495fd0e2c96eac3

    SHA512

    d9c0fb6a517edfdca8cc1aa0017bf2d5f015090fa260f255b38d458ef2a5022de71f5c0fecbd19946a0ccc9b6674e9e8aa5cf87d122b0185bd598c2cced7b083

    Download Submit

  • C:\Windows\uninstal.bat
    Filesize

    218B

    MD5

    706aac15fefa2141598de463d8ff415a

    SHA1

    d1211565a6045c513570e08d39a74471ab986b0d

    SHA256

    5deef23d0564046075458fd652ebbe6c9492ab33dd21415a921034e4302aa6e0

    SHA512

    7c991ea48e4364daf46749c8dbfc19dfd597b50b7c61d2bc1f1b4824a2f6695c361bee236c841698f917fdf86a1162104bba7a564c45e1b4a76e6ee8f8a81aef

    Download Submit

  • memory/332-0-0x0000000000400000-0x00000000004C4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/332-3-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/332-14-0x0000000000400000-0x00000000004C4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/2056-6-0x00000000002E0000-0x00000000002E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2056-5-0x0000000000400000-0x00000000004C4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/2056-16-0x0000000000400000-0x00000000004C4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/2056-17-0x00000000002E0000-0x00000000002E1000-memory.dmp

    Filesize

    4KB

    Download