Overview

overview

7

Static

static

7

151dc349a8...18.exe

windows7-x64

7

151dc349a8...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 07:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe

  • Size

    137KB

  • MD5

    151dc349a80dbf384aa4c1fccb7f4e8b

  • SHA1

    8c8265f58e80f3ee2daca914ee820df38abc2492

  • SHA256

    2ece07f7fc8e311e430be79b43a4f913e5ea4944b442081bcc9613398b5e551d

  • SHA512

    4cb64e0d0b3878fc0d351b9a28ad8c21391895eee943dd87add1a9731f532bc17899ea69d611cd3d6f8db35f3b112e38f7c8119f5afb54d61b3c618a74108275

  • SSDEEP

    1536:u/nrqyjrPvRu/BCjnqy8B/lCew3h0Yb9hzuMYaHqW5g1HklJNprKR9lpJtHL53Wn:Ye8jMCjM/keGyMYaKW6WXrORRJtrlq

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\151dc349a80dbf384aa4c1fccb7f4e8b_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2184

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\connecting_icon[1]
          Filesize

          301B

          MD5

          81f2114b7bcc913245df781df3eb9ae5

          SHA1

          46beb25a2a30e66c65ebddb72f836542e3655d21

          SHA256

          13237f6652c8a50f987ee5227ce16778117add802584a5e19ef892eac6e1d3e8

          SHA512

          446e34fc67e66d60a7e4a4ee65b47ca04198a8566c4d5cc665249fed8d8616cd6d674cb82621dfea4303cd7a1f90488027b352972219873bf90094d62e763b6c

          Download Submit

        • memory/2184-2-0x00000000003E0000-0x00000000003E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2184-30-0x0000000000400000-0x0000000000458000-memory.dmp

          Filesize

          352KB

          Download

        • memory/2184-32-0x00000000003E0000-0x00000000003E1000-memory.dmp

          Filesize

          4KB

          Download