Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/07/2024, 05:49

General

  • Target

    2148750449177e8ddaf033eeafdc85e3_JaffaCakes118.exe

  • Size

    41KB

  • MD5

    2148750449177e8ddaf033eeafdc85e3

  • SHA1

    973ab3dded46d29e24451963c1f994f4ad34d0f7

  • SHA256

    8f87673adcb28eac248f2901335bf16db475e29897a402bbd4b3d4833043a595

  • SHA512

    c8a6bb07e9a3e4dce46faf5d188b11cecf41b5771c3d2587dff7bb440aba78107809c27ff638220478bfa5a42bcf9f6306e84341450830e8de1e4ce74b67ca3f

  • SSDEEP

    768:NTL2wlO2Sy/z87NzzBpKoBGrTfBMbRcBgIxcrEQKZO5uQt1RSAh5dO2/pV+n4w6Q:V3loy/EpBpKOGrTZTZAO8kQt1R/5Y76Q

Score
8/10

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2148750449177e8ddaf033eeafdc85e3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2148750449177e8ddaf033eeafdc85e3_JaffaCakes118.exe"
    • Sets service image path in registry
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\system32\KillMe.bat
      • Deletes itself
      PID:2108
  • C:\Windows\SysWOW64\jsefusf.exe
    C:\Windows\SysWOW64\jsefusf.exe -service
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:2464

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\KillMe.bat

          Filesize

          239B

          MD5

          d35e61d3d0a13f356e3e5876c019046e

          SHA1

          5790d02d6f2cdb0aa2c1230c25251453ee62e3c9

          SHA256

          2280ab8f5da1a6576e63d01b8d4fd9eef38cf34779d7e9d6c372c7fbb73633a3

          SHA512

          daec962fc511523658f5a1f618c2ae1412ac925f83d87ef95b2d4177d3e3bd3bbcf73b4d006cd1837071e79c77cb086484cc3d5b3a22eba661b5d4ab35321257

        • C:\Windows\SysWOW64\jsefusf.exe

          Filesize

          41KB

          MD5

          2148750449177e8ddaf033eeafdc85e3

          SHA1

          973ab3dded46d29e24451963c1f994f4ad34d0f7

          SHA256

          8f87673adcb28eac248f2901335bf16db475e29897a402bbd4b3d4833043a595

          SHA512

          c8a6bb07e9a3e4dce46faf5d188b11cecf41b5771c3d2587dff7bb440aba78107809c27ff638220478bfa5a42bcf9f6306e84341450830e8de1e4ce74b67ca3f

        • memory/2464-3-0x0000000000400000-0x0000000000422010-memory.dmp

          Filesize

          136KB

        • memory/2464-16-0x0000000000400000-0x0000000000422010-memory.dmp

          Filesize

          136KB

        • memory/2488-0-0x0000000000400000-0x0000000000422010-memory.dmp

          Filesize

          136KB

        • memory/2488-13-0x0000000000400000-0x0000000000422010-memory.dmp

          Filesize

          136KB