Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/06/2024, 11:39

General

  • Target

    19fa73b7615c1924bf868dc0969e4d3a_JaffaCakes118.exe

  • Size

    989KB

  • MD5

    19fa73b7615c1924bf868dc0969e4d3a

  • SHA1

    9271948a3630a79ce5220902c4a2b69d866438d4

  • SHA256

    384e3630946b1f02794b2563856c7cf61301255477bde023e5cfa856b767d1a0

  • SHA512

    7634b2e3aecc3f74e60b48c694da694235c6b75d68d2ea6c90b2935f1345a37271ec5a7c01712676c5143c4ad195460c603fc9e475e61b35d7e71082e637f286

  • SSDEEP

    24576:bvUQDho+MUq/G8nMyXBF6UrsnU5qmqjUoCE7Ao1knPWweq:jxDKKq/GgrZrdYmaUoCG1I

Score
7/10

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19fa73b7615c1924bf868dc0969e4d3a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\19fa73b7615c1924bf868dc0969e4d3a_JaffaCakes118.exe"
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Users\Admin\AppData\Local\Temp\IsFileCompleted.exe
      "IsFileCompleted.exe" -check -"19fa73b7615c1924bf868dc0969e4d3a_JaffaCakes118.exe" -"PC-_DRMBuster__4.3.3__+__Crack"
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2568

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IsFileCompleted.exe

    Filesize

    144KB

    MD5

    7165707726376ed2258539fd5287d61e

    SHA1

    7665bd39d460e196f946a30c0caa2579b9eb5f4c

    SHA256

    cde32069795053c0204afd61604cc6a237f5a3d725e8366891e64dabbed380e7

    SHA512

    4ea57e8881b40181cbc0090edc655894d80bc90d93dd7ec128df59400ba82499ec7ed2d2598256ac30804c23897f3eb3678b51cc790efc606e6ea0a1a3a21ca2

  • \Users\Admin\AppData\Local\Temp\nsy1881.tmp\System.dll

    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f