Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/06/2024, 02:54

General

  • Target

    0c27d97f58f86e0bf6743ad0597004b2_JaffaCakes118.exe

  • Size

    188KB

  • MD5

    0c27d97f58f86e0bf6743ad0597004b2

  • SHA1

    0ecf9581f4b363943e414a72c966f1d71f508bb1

  • SHA256

    6d0fbce3c3903013dd9e69ed3416f1e728db7baa369ca20f3fc6a8e87b5c6e8d

  • SHA512

    5aa7a66024e1631bc35e01b012bce42001e4f141bc59e348ad4248c46fd18210ab985ccbf1fcf7402f23ba0c7191e6c7c8d193f085326c8ec653939783b61336

  • SSDEEP

    3072:K7fyP+o5ROnFH5pY0hrDGILpLI0M/Dk4KrfXRdjnbk9bOlezfQnFTTvprw1W67W6:K76P+LCKs0tzXRdjbk9bbyvprww8W

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c27d97f58f86e0bf6743ad0597004b2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0c27d97f58f86e0bf6743ad0597004b2_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\jchauk.exe
      "C:\Users\Admin\jchauk.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3024

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\jchauk.exe

    Filesize

    188KB

    MD5

    7a2fc0f5278c4830f69951490f04adb3

    SHA1

    e0928998e9e930b42d0159ae98f57018b199dd3b

    SHA256

    863a7932f5d98cc67301a3189f79082d61681d040297ed678ee029db3cd0383a

    SHA512

    47449d379b34176a624ee375dcb3f2ed2d8bf8ceef0d45f52736e4f3e3bce43b06f542b82ff60eaff8ef305cb52d7615ccf225c3552fb77e42e04a22e21e737c