Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-07-2024 14:09

General

  • Target

    22a2a8e73dcb0852195983bfa75d18ff_JaffaCakes118.exe

  • Size

    72KB

  • MD5

    22a2a8e73dcb0852195983bfa75d18ff

  • SHA1

    27869531ed2177c5001c960d1e00196dbaea66b4

  • SHA256

    aac1616ba48c00242b9bd2b940fc63f63651bba53508a6ee091d5823d8216c07

  • SHA512

    8fb58b667cba340ea58b64b14789bfe5b3bda0ae6a923ff1982d17a4555c5bfa2f750c1e25508a4d9bf05276a69de878d923e050075f41ba1394d0e1b7bda292

  • SSDEEP

    1536:WA9x8XNKlJIPnYtmKRvXfoZ6Y5KsSKIinG0:WsxIKlJanYtmKRvEKf30

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 3 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22a2a8e73dcb0852195983bfa75d18ff_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\22a2a8e73dcb0852195983bfa75d18ff_JaffaCakes118.exe"
    • Drops file in Drivers directory
    • Sets service image path in registry
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:404
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4360,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:8
    PID:3396

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\ftp33.dll
    Filesize
    5KB
    MD5
    f00d56b8179157d274013a713d6f4944
    SHA1
    b437df0432997205b434e9d2d9d47aa351091283
    SHA256
    4c2185520a7439b33c8fab27ec54c79b6ae0cd9f179296be80fd4877b05ec096
    SHA512
    95d365cee7a6958da42e272c13ba13e470502de90da736a5dcff7fdb59df872040dbec087be7262b10fb3d59676ebd1366a5c1f17da9bc7184b722c912d6e76a
  • memory/404-0-0x0000000000400000-0x0000000000410000-memory.dmp
    Filesize
    64KB
  • memory/404-10-0x0000000010000000-0x000000001010B000-memory.dmp
    Filesize
    1.0MB
  • memory/404-11-0x0000000000400000-0x0000000000410000-memory.dmp
    Filesize
    64KB
  • memory/404-12-0x0000000010000000-0x000000001010B000-memory.dmp
    Filesize
    1.0MB