Overview

overview

8

Static

static

3

07336d4e53...18.exe

windows7-x64

8

07336d4e53...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 15:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07336d4e53a0d4fc64601e0763b2940d_JaffaCakes118.exe

  • Size

    126KB

  • MD5

    07336d4e53a0d4fc64601e0763b2940d

  • SHA1

    483009aa16dd9810e836b7e3450ca6d3b6d0d2e1

  • SHA256

    b1795c131517b9d94c5b539ab622ce0ba79e102166c36c71eb53b994700e8dc3

  • SHA512

    2484c58bfd84f62446bae1944a70627631e0819966ee58d44d884e6c7d4ad72e615a62e07ea2d30bfd273b75460805feca7388ddc028c4d5094b851b95b7b4e7

  • SSDEEP

    3072:Rk7XtRg6scUQGwsyW9z6a+I64NYrXJskSu3oGY3fcg:R8zg6scUQX9YKDeSJdrJAfl

Score
8/10
persistence

Malware Config

Signatures

  • Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07336d4e53a0d4fc64601e0763b2940d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\07336d4e53a0d4fc64601e0763b2940d_JaffaCakes118.exe"
    1⤵
    • Server Software Component: Terminal Services DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2324
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    1⤵
    • Deletes itself
    • Loads dropped DLL
    PID:2612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \??\c:\documents and settings\local server\windmad.dll
    Filesize

    108KB

    MD5

    a45bd55921c7d8f559c0dd83c4df4974

    SHA1

    7e4b06bfe22de3d460f203e843582a2581234dee

    SHA256

    bf2fb4227ae3e64bfa324ce2ebb10af4a212b739f87bddfa9bccbb680e1f6148

    SHA512

    2bfb6a729438c57e61a6b4dbd96c417eb633a3d77c93ee27312e8334c04233b9a28a06796d3edac355bb9ebde127a316e96ab28346eced636e879f40edc867cb

    Download Submit

  • memory/2324-0-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2324-5-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2612-4-0x0000000010000000-0x000000001001E000-memory.dmp

    Filesize

    120KB

    Download