Overview

overview

7

Static

static

3

0f62bd0262...18.exe

windows7-x64

7

0f62bd0262...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-06-2024 20:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f62bd0262468d92e6e09b81b2779ac8_JaffaCakes118.exe

  • Size

    61KB

  • MD5

    0f62bd0262468d92e6e09b81b2779ac8

  • SHA1

    b54e505344e3447c2cde3cd5ee4abd0aee3d8c66

  • SHA256

    8f0c3c7503e686f28d3cfeaaaffcbf1152f0a46c9a5968b694c487d9e8e7c441

  • SHA512

    950a537e9a021524a5f38f6598f11f46b437d0b30d70187c0137434f7602a3a6168c4ad5a50fbb60092771d3dc4845f7a074c2494a4055e25249970b8ce1d022

  • SSDEEP

    768:piExqgQCzrBjr4+uYpUwVG/vHNLyty5ynFzbjivumZurBweqSXH/S+WkDlUL3428:QExqgQRVxyc5QyR4mL+dDlaI2kSUzt

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f62bd0262468d92e6e09b81b2779ac8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0f62bd0262468d92e6e09b81b2779ac8_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4824
    • C:\Windows\6193.exe
      C:\Windows\6193.exe
      2⤵
      • Executes dropped EXE
      PID:2752
    • C:\Windows\9599.exe
      C:\Windows\9599.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:116
      • C:\Windows\Svchosts.exe
        C:\Windows\Svchosts.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious behavior: EnumeratesProcesses
        PID:608
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Windows\Deleteme.bat
        3⤵
          PID:1556
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4168,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=3824 /prefetch:8
      1⤵
        PID:4444

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\6193.exe
        Filesize

        512B

        MD5

        6285aa4f0b159d742ec10a07c06e6862

        SHA1

        dfb31a831a7a72524d0c94952be06792a03bb257

        SHA256

        c442dc95d0b86cd8db35acfd645b6836818419295464414077491b9adb889cc5

        SHA512

        51a6dbc2681147672f5c3c1f63c1511ac90dc9e803dfc7597ebeddacbab063500dd440a4672f28d96c58d3778d48dbae2f18b226197aabaa771e581a2661c093

        Download Submit

      • C:\Windows\9599.exe
        Filesize

        42KB

        MD5

        f447a4170493503509ded00c74b17337

        SHA1

        acaba6230efe7464480ffb5c99f73a3280405a69

        SHA256

        06a62de03fa0c771b7420336efd0abd7e479c8c63a0e99dfe5ea20d5e0357c6a

        SHA512

        0f354045ddb23ab6684658b37a2d9b94c7ed60fcf225338fc2b8bf89e591dde08dd1a5ca2bfac75181e7e57969ccc9526fb61a00bd52fb4ea0788c17912f0706

        Download Submit

      • C:\Windows\Deleteme.bat
        Filesize

        82B

        MD5

        74367ec0d7217a50780f447e16e83da3

        SHA1

        6d90b0dce15f5fe766c7c14c3c475c226092eb81

        SHA256

        8002e17db8b537f0db31dd7347f51d751d93284931b8317159cce394942b270d

        SHA512

        d4978016dd5d3d22f9604ba5d0abdf9a4a26a6f083784c33de2fb6af4f1fcc63b926ccd680c30ac696d1aa898d8021d97178b93055d00e1d79f553e8818ebec9

        Download Submit

      • memory/116-19-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/116-9-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-28-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-27-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-14-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-35-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-22-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-23-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-24-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-25-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-26-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-34-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-33-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-29-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-30-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-31-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/608-32-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/2752-4-0x0000000000400000-0x0000000000403000-memory.dmp

        Filesize

        12KB

        Download

      • memory/2752-21-0x0000000000400000-0x0000000000403000-memory.dmp

        Filesize

        12KB

        Download

      • memory/4824-18-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download