Overview

overview

8

Static

static

3

01fb4ad7f9...18.exe

windows7-x64

8

01fb4ad7f9...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/06/2024, 02:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01fb4ad7f9f952257c340a7e92aa117a_JaffaCakes118.exe

  • Size

    21KB

  • MD5

    01fb4ad7f9f952257c340a7e92aa117a

  • SHA1

    c632cbc314afbd8519427a2ade568f3de327c606

  • SHA256

    6fe5b331eca7fa6aed67e56a58f1e341e00bd7b17056a2eddf336c5aed0aebb0

  • SHA512

    83bda079b093244a0d74770f7b2f2814a0196e12817f2f01371fcbaa83a596df77fdca27869cf8f1443dd69726387285ce985c9dfff1cb8f47869f73a6bf3c03

  • SSDEEP

    384:mUW/WYxGOuScZklyzMAZAwuB0CqJNx5OkQKMIka+bncEN8jxt9e9Pfqbn1RW/Wg:KsuljixbLJNx5gIka+bR/a5W

Score
8/10
persistence

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01fb4ad7f9f952257c340a7e92aa117a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\01fb4ad7f9f952257c340a7e92aa117a_JaffaCakes118.exe"
    1⤵
    • Sets service image path in registry
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4312
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\system32\delme.bat
      2⤵
        PID:3080
    • C:\Windows\SysWOW64\2D721174.EXE
      C:\Windows\SysWOW64\2D721174.EXE -k
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:3188

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\2D721174.EXE
      Filesize

      21KB

      MD5

      01fb4ad7f9f952257c340a7e92aa117a

      SHA1

      c632cbc314afbd8519427a2ade568f3de327c606

      SHA256

      6fe5b331eca7fa6aed67e56a58f1e341e00bd7b17056a2eddf336c5aed0aebb0

      SHA512

      83bda079b093244a0d74770f7b2f2814a0196e12817f2f01371fcbaa83a596df77fdca27869cf8f1443dd69726387285ce985c9dfff1cb8f47869f73a6bf3c03

      Download Submit

    • C:\Windows\SysWOW64\delme.bat
      Filesize

      239B

      MD5

      561e6524c5c82264353ee1d1e0e83fdc

      SHA1

      ee96880a7b2f4747c9773b637f364206968c1e03

      SHA256

      b663bd1416e6cd82521dc9291889b98d9221cdfe2ef75ad234c5e6b4464a285b

      SHA512

      4e6b34ff621437f6af4be208c7a1f6ca27d3851747e2034ca936ad931683e2896dd79efe497a9cee17d78eedb728e294408a3a66dde782467fe2a3dadfcba2f6

      Download Submit

    • memory/3188-6-0x00000000004A0000-0x00000000004A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3188-5-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    • memory/3188-12-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    • memory/4312-1-0x00000000005A0000-0x00000000005A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4312-0-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    • memory/4312-10-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download