Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/07/2024, 14:09

General

  • Target

    22a2a8e73dcb0852195983bfa75d18ff_JaffaCakes118.exe

  • Size

    72KB

  • MD5

    22a2a8e73dcb0852195983bfa75d18ff

  • SHA1

    27869531ed2177c5001c960d1e00196dbaea66b4

  • SHA256

    aac1616ba48c00242b9bd2b940fc63f63651bba53508a6ee091d5823d8216c07

  • SHA512

    8fb58b667cba340ea58b64b14789bfe5b3bda0ae6a923ff1982d17a4555c5bfa2f750c1e25508a4d9bf05276a69de878d923e050075f41ba1394d0e1b7bda292

  • SSDEEP

    1536:WA9x8XNKlJIPnYtmKRvXfoZ6Y5KsSKIinG0:WsxIKlJanYtmKRvEKf30

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22a2a8e73dcb0852195983bfa75d18ff_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\22a2a8e73dcb0852195983bfa75d18ff_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Sets service image path in registry
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2944

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • \Windows\SysWOW64\ftp33.dll

          Filesize

          5KB

          MD5

          f00d56b8179157d274013a713d6f4944

          SHA1

          b437df0432997205b434e9d2d9d47aa351091283

          SHA256

          4c2185520a7439b33c8fab27ec54c79b6ae0cd9f179296be80fd4877b05ec096

          SHA512

          95d365cee7a6958da42e272c13ba13e470502de90da736a5dcff7fdb59df872040dbec087be7262b10fb3d59676ebd1366a5c1f17da9bc7184b722c912d6e76a

        • memory/2944-0-0x0000000000400000-0x0000000000410000-memory.dmp

          Filesize

          64KB

        • memory/2944-9-0x0000000010000000-0x000000001010B000-memory.dmp

          Filesize

          1.0MB

        • memory/2944-10-0x0000000000400000-0x0000000000410000-memory.dmp

          Filesize

          64KB