Overview

overview

7

Static

static

3

22503e43e6...18.exe

windows7-x64

7

22503e43e6...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    03-07-2024 11:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22503e43e69c0b203f268d1ffa0256bc_JaffaCakes118.exe

  • Size

    113KB

  • MD5

    22503e43e69c0b203f268d1ffa0256bc

  • SHA1

    87bbecd5caacda15bc20b8a02ec099ffdab7b228

  • SHA256

    faa4b8e126aa40c79c41f964520d298434ef6b0c9a46291cc573cf3faae20c85

  • SHA512

    e305b920fc01ab8fab2a6ebe0981a10f1bad1ca738e5d22b4d843b5d84f25bb18f0e902538c052d67485974db3c87c6d50c18e7996336767e4328e09917ff879

  • SSDEEP

    3072:izOo6ySNb+zUbp8FxsooLUPQzYO97pDXJgZ:mQyqp8FxsooYPFO97p

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22503e43e69c0b203f268d1ffa0256bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\22503e43e69c0b203f268d1ffa0256bc_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\pepsh.dll",VecLoadFile
      2⤵
      • Deletes itself
      • Loads dropped DLL
      PID:2868

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\pepsh.dll
    Filesize

    113KB

    MD5

    30f8b5a21bf48e19f95a6c4b114ea990

    SHA1

    8dd822a6d1cb343dfa489d81742ce42e8554ca66

    SHA256

    e64d4eb1c4f59b3df854eadb1e990070b28b1985d4b64300308a17556665aa7d

    SHA512

    68b3ac67865a8bba7b338b125bd01c4af12ea097742f4533314ba690d3640826f3ef1595e97dd670030f733b7b9829cda68992269ad8b8c34161133e2ebebe23

    Download Submit

  • memory/2868-21-0x00000000001D0000-0x00000000001F0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2868-25-0x00000000001B0000-0x00000000001BF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2868-27-0x0000000010000000-0x0000000010020000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2936-1-0x0000000000240000-0x0000000000260000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2936-0-0x0000000000220000-0x000000000022F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2936-11-0x0000000000310000-0x0000000000330000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2936-26-0x0000000010000000-0x0000000010020000-memory.dmp

    Filesize

    128KB

    Download