Overview

overview

7

Static

static

3

22503e43e6...18.exe

windows7-x64

7

22503e43e6...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    56s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2024, 11:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    22503e43e69c0b203f268d1ffa0256bc_JaffaCakes118.exe

  • Size

    113KB

  • MD5

    22503e43e69c0b203f268d1ffa0256bc

  • SHA1

    87bbecd5caacda15bc20b8a02ec099ffdab7b228

  • SHA256

    faa4b8e126aa40c79c41f964520d298434ef6b0c9a46291cc573cf3faae20c85

  • SHA512

    e305b920fc01ab8fab2a6ebe0981a10f1bad1ca738e5d22b4d843b5d84f25bb18f0e902538c052d67485974db3c87c6d50c18e7996336767e4328e09917ff879

  • SSDEEP

    3072:izOo6ySNb+zUbp8FxsooLUPQzYO97pDXJgZ:mQyqp8FxsooYPFO97p

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22503e43e69c0b203f268d1ffa0256bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\22503e43e69c0b203f268d1ffa0256bc_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\didsc.dll",VecLoadFile
      2⤵
      • Deletes itself
      • Loads dropped DLL
      PID:3600

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\didsc.dll
          Filesize

          113KB

          MD5

          d333c0ef363eeab50e420f445ecbbf8c

          SHA1

          423873e78786f9bccd9278b0e92d399372a37261

          SHA256

          5adb3d88e17d316728206cb6557c38cfbc636e7e5140121cc590765adfa49e6b

          SHA512

          5e6dc52d13642faf53e62d777b5fd0f5774df5576734125c6399eadbd86605e6e75c9f8f7f15a0f5c34c580d62f8ab27d14ec80a94aa1893f809720a2a731872

          Download Submit

        • memory/2168-0-0x0000000000490000-0x000000000049F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2168-1-0x00000000004B0000-0x00000000004D0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2168-6-0x0000000000490000-0x000000000049F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2168-15-0x0000000002180000-0x00000000021A0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2168-19-0x00000000004D0000-0x00000000004DF000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2168-28-0x0000000010000000-0x0000000010020000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3600-23-0x00000000029C0000-0x00000000029E0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3600-27-0x0000000001020000-0x0000000001021000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3600-29-0x0000000010000000-0x0000000010020000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3600-31-0x0000000001020000-0x0000000001021000-memory.dmp

          Filesize

          4KB

          Download