Analysis

  • max time kernel
    141s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-06-2024 05:26

General

  • Target
    0cc7aea12dcb1c719c281c186fe53e4c_JaffaCakes118.exe
  • Size
    2.8MB
  • MD5
    0cc7aea12dcb1c719c281c186fe53e4c
  • SHA1
    48a02d6a917523716e17becc95b6b449d50ceffb
  • SHA256
    f28c793f683ba6deee7510b60f0a5e90830df59d81d10907c6bdbd08e3d5136b
  • SHA512
    b50072a50895f8e74ed587dfb16bd43b0a3ccf3b24304d6c6e052fb1d30a1af34d793424501ffb72bd701f9b2c9ac1fa1014d966a851fc9d5882fe06fc442d92
  • SSDEEP
    49152:Kh+Iy6ausuSc41msMQ/FwZcG+cpWgyJD9hixDHopctc+kMUeoW:KEIy6ak4MCM+8pKbi1H4hMUg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0cc7aea12dcb1c719c281c186fe53e4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0cc7aea12dcb1c719c281c186fe53e4c_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:216
    • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
      "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\0cc7aea12dcb1c719c281c186fe53e4c_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4416
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x414 0x468
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1676

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\NOD32.png
    Filesize
    72KB
    MD5
    be0fbff8e9330f29d06daa16fa6532ac
    SHA1
    005f4e11c3d5079a1eb7d2cdd0853211d6fe7369
    SHA256
    55bb257a5f110e3ed5218bf3ac0e785277c3918bc9ab58400fa7dc5fce48d945
    SHA512
    f36f039ab64069fbda4ce0aa81ebf956a4ca7644025d363b6a619d9911e9a3eeb1acc6bc254d3a1423a62cbe2fb213218998f3053ddd2f569c3929c0a2e7c8a8

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\update-button.png
    Filesize
    936B
    MD5
    410a51d506e46d96977ba17c0d62fc08
    SHA1
    222f975f927ebcf9c6a0763b7abb71dd245ffffa
    SHA256
    3507817bbcb56505a9e74d9e9513451d9f239a41e1c321cc9dee0cb238f6e5ff
    SHA512
    316ec8cfa968fa53b93ba510b8f7ef8fa6049ab9b441f0b96bff3e574b43090a42b4da3d0336c86a20103b1f7f2798dd8cad0cc6117cca713c272b24a632f71a

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd
    Filesize
    11KB
    MD5
    0a5d1f6f364140063684926b508d272f
    SHA1
    8299a808f3a5058a22029e78b8f2fea2fa312002
    SHA256
    6b2b2640881482a70ef8ab5e5f5ff54157269863612b1154df028f5cc62ea4e4
    SHA512
    374448710b772612969963a122b11be19392e08fa12c3c329f7a95a5ec24f234782ae9e0e9254dff17f25a271714d716a15214d4b69e923759afa9723c6403ca

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
    Filesize
    2.8MB
    MD5
    78f01d099d2b759d2936c58f8005cbbe
    SHA1
    6996af950e4d6bb6fd2aa0af5cafae8af1d8c97a
    SHA256
    ffa740e17c4dac2cb65bf8d3e931992c73cf373a1203713d1743e247254f0fa6
    SHA512
    e92cba8948983db09acba445de04cbfd081854f3b468dcd102db8e67f89e94ead01fa1961ed823e1479b78e83cb005e22137dc98282abca019358d81fc3d45b9

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\x.ico
    Filesize
    97KB
    MD5
    7d53a14e6220cf0fbdb3b204c2a4064f
    SHA1
    c649d6e14d28a085bd153600cd4fe602e7ae071f
    SHA256
    9c7157762ee5f5643f00073d47b795807173efcfa282928747e3c9413906a7b4
    SHA512
    5be3d44daf663f8057e0c6154ed4e43d6b0406a75ee6f3b994b6c56a1a3d158d92e546614bf06490038726a74c6b1fe3e3c983ddb6313e79e4773b9b9dec5cc2

  • memory/216-0-0x0000000000400000-0x0000000000473000-memory.dmp
    Filesize
    460KB

  • memory/216-63-0x0000000000400000-0x0000000000473000-memory.dmp
    Filesize
    460KB