Overview

overview

7

Static

static

3

1c190d6862...18.exe

windows7-x64

7

1c190d6862...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 18:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c190d68622881257df63c3994fd6ac9_JaffaCakes118.exe

  • Size

    166KB

  • MD5

    1c190d68622881257df63c3994fd6ac9

  • SHA1

    d2e010e703055e259d8c0fc69073bdd7a40e56ea

  • SHA256

    d6ee879555b422e175e0a6149b3ac542c5784f278da298e9de08ed3f8b85794e

  • SHA512

    c6172693231b440d6782eb12a9ab85951d18c52f7003e9b33e1877af45bde278eafdd275898c898be3616e3a0cbea4f89eebc97f6deb28bdfd1f0978d9cae104

  • SSDEEP

    3072:vzXbecErQwV58yfLBH+Js448R76j5aZIffFynk9LrsGXcoWk7PunmJOL3Oo:vzycErQw4yfLBeJGFaZIFak9LrXXcG7G

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c190d68622881257df63c3994fd6ac9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1c190d68622881257df63c3994fd6ac9_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Windows\hg.exe
      "C:\Windows\hg.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2420
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 36
        3⤵
        • Program crash
        PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\hg.exe
    Filesize

    146KB

    MD5

    3569bdca1ed02e225511fc2164bd7bf2

    SHA1

    4f38447c6161f773ccad70426d2ce4a5869f3349

    SHA256

    bd0138c1e39aabc1a0c9c894d063006518f7d2d6328850bda7cb44dc2ea40630

    SHA512

    5fc61d3ad9b5eb3a3d1633be83c8f09c0627c5e502de1adf615415518750b2371b9a506c2a24a7c61aeae1b36444ea01800f8009aba8b5f497178be4b7512b64

    Download Submit

  • memory/2020-0-0x0000000000400000-0x000000000042B200-memory.dmp

    Filesize

    172KB

    Download

  • memory/2020-8-0x0000000002BE0000-0x0000000002C3A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2020-7-0x0000000002BE0000-0x0000000002C3A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2020-11-0x0000000000400000-0x000000000042B200-memory.dmp

    Filesize

    172KB

    Download

  • memory/2020-12-0x0000000002BE0000-0x0000000002C3A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2420-10-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download