Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/06/2024, 19:33

General

  • Target

    0a7007f5802841664a2c589d2a4e9bce_JaffaCakes118.exe

  • Size

    112KB

  • MD5

    0a7007f5802841664a2c589d2a4e9bce

  • SHA1

    b0a611f22be148ad804382b2063929b619172beb

  • SHA256

    4b48ad96581de0d0baf722dacaa8a1d60d06f83fd7ad8e2af121a2b4b1350f1c

  • SHA512

    c665dee4a5bc6e7633a32d70e8782d687817861a85d974668e891c4198a518a6edf034685b3fb77a10501fb034988cc2a0112d4afd5d733f2dea40857f506121

  • SSDEEP

    1536:LPqKgbwDeVyAUHwGvVJrYJeyxWxVhkITI5ywWFfB8lBTxe5P1PJ:9gbwDKyLwGvTrYkg6BJR6ns5PFJ

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Unexpected DNS network traffic destination 10 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a7007f5802841664a2c589d2a4e9bce_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0a7007f5802841664a2c589d2a4e9bce_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1264
    • C:\Users\Admin\AppData\Local\Temp\0a7007f5802841664a2c589d2a4e9bce_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\0a7007f5802841664a2c589d2a4e9bce_JaffaCakes118.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:4676
      • C:\Users\Admin\AppData\Local\Temp\0a7007f5802841664a2c589d2a4e9bce_JaffaCakes118.exe
        C:\Users\Admin\AppData\Local\Temp\0a7007f5802841664a2c589d2a4e9bce_JaffaCakes118.exe
        3⤵
        • Checks computer location settings
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1136
        • C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
          "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" DEL:C:\Users\Admin\AppData\Local\Temp\0a7007f5802841664a2c589d2a4e9bce_JaffaCakes118.exe
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2344
          • C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
            "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • Suspicious use of WriteProcessMemory
            PID:3712
            • C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
              "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:3192
              • C:\Program Files (x86)\Common Files\Java\Java Update\jusched .exe
                "C:\Program Files (x86)\Common Files\Java\Java Update\jusched .exe" "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                7⤵
                  PID:3232
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1464

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    Filesize

    112KB

    MD5

    4ff2ea67633246e984b67dbb274be04c

    SHA1

    89e6eeb08f2436686a45abca94574cd6a42caffb

    SHA256

    2886f66d8190ee5b1e8d59aa4548ba4acbfe5dde702a55e6b0910429e1bdfd14

    SHA512

    be58753c9252c9969197ac562dc8f759d6819fe82e8824d669ff290a77cf94690c470930690fbfec5f7986e4896a2184c45e488a95c7fcf7009662ad9a4e839c

  • memory/1136-5-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

  • memory/1136-9-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

  • memory/1136-29-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

  • memory/3192-37-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

  • memory/3712-32-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/4676-2-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/4676-4-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/4676-6-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB