Overview

overview

7

Static

static

3

19a6d189f6...18.exe

windows7-x64

7

19a6d189f6...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    28/06/2024, 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    19a6d189f6f37286f7cfaa0963d86a63_JaffaCakes118.exe

  • Size

    511KB

  • MD5

    19a6d189f6f37286f7cfaa0963d86a63

  • SHA1

    50860bcbe75fabeb2eaf7310989dca869f28bc3e

  • SHA256

    529ae5e2605da6b2440e0eb126aa67c74c2bd12d1d4844e9ca1a3954d4c305db

  • SHA512

    0ee9d4f1ffc4e748351c9f848b77b2089097a55abbeecb38fc96f5a924bc59dd1c39fb0872c7d010b666e933c678c562a8d31f0ce488fce6f5ca8520d69dff9d

  • SSDEEP

    6144:RuaFmrZC9YOtyRkPyn9uA5TQfJAGUImt9SV72iEeTBR0:R9WZC9txPyQAKUImTj5eTv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Drops file in Windows directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19a6d189f6f37286f7cfaa0963d86a63_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\19a6d189f6f37286f7cfaa0963d86a63_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Program Files (x86)\kVEyhRLg\svchost.exe
      "C:\Program Files (x86)\kVEyhRLg\svchost.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:2340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\kVEyhRLg\svchost.exe
    Filesize

    517KB

    MD5

    fc6595197e8abdb1e70b2bf8f4455d03

    SHA1

    336dbbfac70171a29c101846b76d2d8bfb8ded5d

    SHA256

    610dd5f273bf1cfd1c28882a61c0c29ab82ec5d693ed49fc6c38dff84221ad04

    SHA512

    7cb612a2988d92910c7ce6ba0f221b8bbd8673191865ab25a6466de15039b95f7701fbbb345d3cd108dcda5b5e748949edd34d69d4fda9590304e11ec387dba5

    Download Submit

  • C:\Windows\CLOG.txt
    Filesize

    165B

    MD5

    208653110b2308a3507b7840613fee2e

    SHA1

    ec02b25fd3838f9a2fe3085e6240b70ab109133b

    SHA256

    d03c883c3b430702892a386efc610cdb208145999d32d5ce21effb0d22c63c3d

    SHA512

    1f1a43e73378bb16ec9e87dcfd5dfe04a878377090724857e623c0a674c6aa511c6708edb02b072cf8906b7cfa33e8d733b83c174bf7c4771c6a9e80ab6d2b33

    Download Submit

  • C:\Windows\CLOG.txt
    Filesize

    1KB

    MD5

    3cb09abda4eadd9a0b347af1b9922339

    SHA1

    b357eba5f70e78e38d70a1ff05ad75fb2bf64a3b

    SHA256

    ac9f52056cbdea9352e0dcc53d4d808c0471758e5f4f3e7c94951ff4ad030b08

    SHA512

    60856c48e63919d3af5c67b447053661e69318f8ebafa1c50a4e6f111d3858ea7cb2290e87b7d50d28602e5515a70834c43fd56f844f375543a401e66b78931c

    Download Submit

  • memory/836-0-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/836-9-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2340-11-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2340-15-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download