Analysis

  • max time kernel
    138s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/06/2024, 16:10

General

  • Target

    09822d090d38cf0906c43de28af36b2f_JaffaCakes118.exe

  • Size

    103KB

  • MD5

    09822d090d38cf0906c43de28af36b2f

  • SHA1

    b74537fc2ea75464b25c9fe46d060d7db12a1781

  • SHA256

    bd35c11333e6602a51864452d84805926e77253998d97e3c162a53fe1542f7ba

  • SHA512

    83e22c6bcf4df567dbc2c8a9876301a8b6f2be749dfc8c7fe5208dacd8711783ed0e9125b8edfabc11fdbf0c1b7010eb76cdf3fb1da5aab6e324fbaa3bd6a42b

  • SSDEEP

    768:0qqYMYa/TMfwvmjdZBMZXQ3Qin4e/Qqhcwxc:JqYMz2wvdivQqG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09822d090d38cf0906c43de28af36b2f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\09822d090d38cf0906c43de28af36b2f_JaffaCakes118.exe"
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Program Files (x86)\Java\jre-20\bin\jusched.exe
      "C:\Program Files (x86)\Java\jre-20\bin\jusched.exe"
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3048

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Program Files (x86)\Java\jre-20\bin\UF

          Filesize

          13B

          MD5

          f253efe302d32ab264a76e0ce65be769

          SHA1

          768685ca582abd0af2fbb57ca37752aa98c9372b

          SHA256

          49dca65f362fee401292ed7ada96f96295eab1e589c52e4e66bf4aedda715fdd

          SHA512

          1990d20b462406bbadb22ba43f1ed9d0db6b250881d4ac89ad8cf6e43ca92b2fd31c3a15be1e6e149e42fdb46e58122c15bc7869a82c9490656c80df69fa77c4

        • \Program Files (x86)\Java\jre-20\bin\jusched.exe

          Filesize

          103KB

          MD5

          23e3eacaf52e76cc8ff0959148f8e384

          SHA1

          549f115234fecf6aa71067cf01c34f0b535a5b90

          SHA256

          70474e027c5464b0ca6b968c8cdf315b4c7a8abac7d0f505c07128315864cd15

          SHA512

          a7fc8074481e27a661f52d900b50e781711f12ebe58d2267a9a51ed736c3a0d92036b886589834ed070cbfe09af0afe93e9d6016917b30a2b6e090424ba0cfda

        • memory/2176-0-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/2176-12-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/2176-10-0x00000000042E0000-0x000000000430A000-memory.dmp

          Filesize

          168KB

        • memory/3048-13-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB