Overview

overview

7

Static

static

3

040bded562...18.exe

windows7-x64

7

040bded562...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 07:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    040bded562ad5fc4416c9125cd1c5435_JaffaCakes118.exe

  • Size

    29KB

  • MD5

    040bded562ad5fc4416c9125cd1c5435

  • SHA1

    ff3b56c3656e4913aaa21b92737f277f68409120

  • SHA256

    4f6d62ea685160a59b9b88331ab90c3776266efd217db6188a4728f8f0824def

  • SHA512

    2fc682f3939d9468cb41f7783fa8ca53548e19be7b2dd45c46ff5dfd3dfa6fb9b802fcc973fc3d5da3d797a54bbf4fa6264533db316ae8cd8bc76b1bd44cfbf7

  • SSDEEP

    768:SFh7eVzWiadP5ps9EK1bBn+rGYOi44KIjUbcGG24:vVTwxaX46pbcGGp

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1216
      • C:\Users\Admin\AppData\Local\Temp\040bded562ad5fc4416c9125cd1c5435_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\040bded562ad5fc4416c9125cd1c5435_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2436
        • C:\Users\Admin\AppData\Local\Temp\Server.exe
          "C:\Users\Admin\AppData\Local\Temp\Server.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2576

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\Server.exe
      Filesize

      28KB

      MD5

      fad6cfef8ddfa6e8e1c5660bdb7a8d7b

      SHA1

      028cdc873c14dea53ea23bdfee53e98f28ebb90e

      SHA256

      8cd57a0bcc44363fa1cd42badd36f6235bb3bbcc40a1efb7e19382b81dc6c7b5

      SHA512

      3014d4377c2bcbc0d850b6a655d0bee5bc2245f1e358debb0d923331204c8f3f565e11116a87ac545296cd09c8e65648623af81526582080ab5e4ccfdc5fe844

      Download Submit

    • memory/1216-12-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1216-19-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2436-4-0x00000000004D0000-0x00000000004D9000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2576-10-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2576-15-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download