Overview

overview

7

Static

static

3

16c73dea67...18.exe

windows7-x64

7

16c73dea67...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2024, 16:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16c73dea677363c947cdb1ddf368e966_JaffaCakes118.exe

  • Size

    44KB

  • MD5

    16c73dea677363c947cdb1ddf368e966

  • SHA1

    2751751b5b3d0b3007480ec98a89e0c4bc3569ec

  • SHA256

    aaf87a5dda1ab6241e100039e7bf80fc128852855a6a3aa8cbe3edfa17948fd7

  • SHA512

    1360100825c87193f26e33ab91b3733d4571803392aea10a62e998efbd214c149e61e41044a23b41f94c39d3b27ac1f9580e006ca49fbeaa75f2556c6266fb05

  • SSDEEP

    768:GxWyFMPYLT9mr8W21Nu+8rIplLpg3vS7IkTGEvH:woYdmr8W27uWe3u

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16c73dea677363c947cdb1ddf368e966_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\16c73dea677363c947cdb1ddf368e966_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4804
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Windows\cuoh.exe
        "C:\Windows\cuoh.exe"
        3⤵
        • Executes dropped EXE
        PID:2972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
    Filesize

    8KB

    MD5

    99632a6feffb44e88c20b3aec33d6ee8

    SHA1

    2712524c3e9924c097fb6b22210d336c5c757042

    SHA256

    484602c639df1f77332e78561496e5d69bf4ef9ef9970f2ab0b8471dae07ff80

    SHA512

    72eb8387b3779ecf96e0d707ce17f7dbebfdfe0328b43bde02e42e576624637308df6582633bc7411692a2b658dd851dc51d4ed42ae8108d426fe188aa7ad978

    Download Submit

  • memory/2160-6-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2160-10-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2972-12-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4804-0-0x0000000001000000-0x0000000001015000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4804-13-0x0000000001000000-0x0000000001015000-memory.dmp

    Filesize

    84KB

    Download