Overview

overview

7

Static

static

3

1c9020e465...18.exe

windows7-x64

7

1c9020e465...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    124s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2024, 21:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c9020e46505023e9866b574333c7517_JaffaCakes118.exe

  • Size

    222KB

  • MD5

    1c9020e46505023e9866b574333c7517

  • SHA1

    146f37bed97262b1c1aded3f0334338c59898597

  • SHA256

    2f33d2ea6fb304ae22d5521a4cc7e7f7e87b85c541693d4fd60109ae1d936a9e

  • SHA512

    474425e8e87f944ac2fe6d37e6c7a9b9166b157ee94a3c6f2595e50bb6422927b4478f74933a2b303bf1c6fb40474b16b79015a2aaa54fbf5c30c16c6fe42aac

  • SSDEEP

    6144:aKELo7vYSoZ/8RX55/rb99H1lYE4rmpRGt5u8RhgeRZ:mLorYH2p5/rbVlb4CmtWer

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3388
      • C:\Users\Admin\AppData\Local\Temp\1c9020e46505023e9866b574333c7517_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\1c9020e46505023e9866b574333c7517_JaffaCakes118.exe"
        2⤵
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:432
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server1.exe
          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server1.exe
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1336
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1280,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:8
      1⤵
        PID:4304

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server1.exe
        Filesize

        178KB

        MD5

        3ff043542d175ab1f1e6c9006f54c1f3

        SHA1

        a8a5959d57ad48893ff6d5422732081ba8cee979

        SHA256

        68d5393e75df72178c1f352ed8a912cf31a404c9aa95f5412dcbd8bc17539fd2

        SHA512

        e7b54a5b31570ed39536b6e31d7e3682860aea01a96146aef8ee4fca0fd0060a401fec403ab8a4583eafa1d5ee923959a757a08fb7874120dba2960ea4b2fc02

        Download Submit

      • memory/1336-8-0x0000000010000000-0x0000000010011000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1336-9-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download

      • memory/1336-5-0x0000000000401000-0x0000000000403000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1336-6-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download

      • memory/3388-11-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3388-13-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

        Filesize

        24KB

        Download