Overview

overview

7

Static

static

3

05a466219f...18.exe

windows7-x64

7

05a466219f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    20-06-2024 11:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05a466219f17b781055fe99ec0187cfb_JaffaCakes118.exe

  • Size

    357KB

  • MD5

    05a466219f17b781055fe99ec0187cfb

  • SHA1

    1aeb8a69db6fc6a350dd353eb0c1da3a855848ca

  • SHA256

    f8daa64571ca1196c4c6319873c6bddd6c6e99bd6df3954fe1e29fe956043e95

  • SHA512

    62dcd81597fd8121a7a0d6cdb10d75ff8aa14cb4d2286f12e303401f5b60e3a3c38cea67dcfb8e280a5119ede4b360996b427e584dc3f67d95298a78e217ba5f

  • SSDEEP

    6144:astNcjg5z+EbCIGSmsZOpu6A0Q//TDtvenfvEtv9yiEgoL5BAqm8JREoR:DEjg5itIHZkux0advennA9SnAqVEoR

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 3 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1380
      • C:\Users\Admin\AppData\Local\Temp\05a466219f17b781055fe99ec0187cfb_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\05a466219f17b781055fe99ec0187cfb_JaffaCakes118.exe"
        2⤵
        • Checks BIOS information in registry
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1468

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1380-4-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1380-10-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1468-0-0x0000000000400000-0x00000000007CB000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/1468-1-0x0000000002370000-0x0000000002480000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1468-2-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1468-22-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1468-25-0x0000000000400000-0x00000000007CB000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/1468-26-0x0000000002370000-0x0000000002480000-memory.dmp

      Filesize

      1.1MB

      Download