Overview

overview

7

Static

static

3

05280e49fb...18.exe

windows7-x64

7

05280e49fb...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/06/2024, 10:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05280e49fbf97c6a6a509507506ffa21_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    05280e49fbf97c6a6a509507506ffa21

  • SHA1

    546de77862ef84349634553bed81bc03db99d256

  • SHA256

    55f4efa04f3c04b5220979e210b30b9922aab16e1e84afffed1a1f08ea6e8ab1

  • SHA512

    f2a8e13bebf09718f425575f814bed4befb705a090e6c01b9a184fe18c89e01be218016c311168fc9f4854994f411b382e8d8b914e1012eeec57f51b6bd4115f

  • SSDEEP

    384:DI1ya5ogr1lnII+WGHUsqQmN2xFO76PT1Kixj:xa5ZrZYUsjzLK

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3444
      • C:\Users\Admin\AppData\Local\Temp\05280e49fbf97c6a6a509507506ffa21_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\05280e49fbf97c6a6a509507506ffa21_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4920

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\GenProtect.dll
      Filesize

      122KB

      MD5

      7d6e29f215247cc637d5dba5aec3dbc3

      SHA1

      baa948351c37c44d3376128ffcc4741d9a1ba796

      SHA256

      b2ac2cf7ec9db89b053066d29d65172633d61adcec2c679b220da95ef89be7d6

      SHA512

      334612aeef08c7adc241a401167aeaede368e6e074b9f02ba22bf4e9a354d2f47d5d83f3e613852ab70cb3b848e4eb212387044cb3a9147f2b826b5ec94465e2

      Download Submit

    • memory/3444-3-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4920-0-0x0000000000400000-0x0000000000416000-memory.dmp

      Filesize

      88KB

      Download

    • memory/4920-8-0x0000000000401000-0x0000000000402000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4920-9-0x0000000000400000-0x0000000000416000-memory.dmp

      Filesize

      88KB

      Download

    • memory/4920-10-0x0000000010000000-0x0000000010009000-memory.dmp

      Filesize

      36KB

      Download