Overview

overview

7

Static

static

3

23361342f8...18.exe

windows7-x64

7

23361342f8...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-07-2024 17:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23361342f83b0e3bdb16342b9826c6a1_JaffaCakes118.exe

  • Size

    390KB

  • MD5

    23361342f83b0e3bdb16342b9826c6a1

  • SHA1

    723fa58f4d583a39dbf05239c8c522333d8984dc

  • SHA256

    11234ea136d4510b6c5e7f1123d02ca1b5a8d5d38ea017a38b8dd3dfa61ab880

  • SHA512

    d2fb2e3cc3fde52b95b3a1fd89bfd03171c971dcc688b578a93f70bdac93240196979eca78d3279eb3f26062cd5849ae54cca4aa7e68c8668a7faaf45d10996e

  • SSDEEP

    12288:Hb2l7v8t0u63yNFTUnaNNQrJw6TndaBuv0xV88:Halot0FsFTUafQdwMnnI3

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23361342f83b0e3bdb16342b9826c6a1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\23361342f83b0e3bdb16342b9826c6a1_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4420
    • C:\Windows\system\services.exe
      C:\Windows\system\services.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\ha_server.ini
    Filesize

    223B

    MD5

    2c8cf160eda17263b5412f0babaa1add

    SHA1

    b50ff70f51bf40633f8b3f02c2bd0633e7ce3d9e

    SHA256

    527397e3de0516b77ab2ae9ed6fe644036a23dbd17d2297a2ca6ed61ba49d1a7

    SHA512

    b59f4cb54945e1c1fbc010ed41fdede2a6b3a1a2e1345bc9b5727f7f73cf1a6268b659370d47f730720930ea9dd993e0923980203069665fc79ecbf913694aed

    Download Submit

  • C:\Windows\System\ha_server_lang.ini
    Filesize

    1KB

    MD5

    aad4a95f28cbc98c4b0fe19a46c90535

    SHA1

    cad2ecc478944819b55c5d62683c96d9f605fb25

    SHA256

    592f372c9666cbaed25df0541dc43974ce01d82833525f7330c3f9da55c0d4bc

    SHA512

    a5c39df4d4ec1ce1c42ec2dfb2f9b3f94524b4fe33d8c5e66c418d80fdf03256615f33f00643979e093f26ca010f5adc13efd4194e7ad6a322231f70aa4fd15c

    Download Submit

  • C:\Windows\System\services.exe
    Filesize

    304KB

    MD5

    58716b4cfbf9dca9746798a50ea57202

    SHA1

    a13d1b59a99a29727c81194014f6bdaa3c9e366f

    SHA256

    32af77cac8915cd17874097228eb020a29cb1b7482427886e4609977d74804d4

    SHA512

    34567e4cd26305bda2daaf576a1d767c623d844836156d6126021eaa26c5a3f541104833bafe3d3b1a67498302b9e2a2c918be202dcacc9b091957ac973dbaa6

    Download Submit

  • C:\Windows\system\ha_server.ini
    Filesize

    201B

    MD5

    71fe83f48f9a9fcaaf450508de6c2478

    SHA1

    0468a602eba1331c983b4feb5cc6c943c154b75a

    SHA256

    5c3fb00b81a73fd25676e2d3862ac09f89c4a915b912431b4acc1f2516523471

    SHA512

    5180cad24a4e79430928ce52375e87fdae2f4a6946948310f85227ace146e02c4bcd7203248833b0668e4b9154ad985b500029ba4da1cdeba552e9665ce18c62

    Download Submit

  • memory/948-8-0x00000000005F0000-0x00000000005F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/948-9-0x0000000002920000-0x0000000002921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/948-7-0x0000000000400000-0x0000000000545000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/948-6-0x0000000000400000-0x0000000000545000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/948-58-0x0000000000400000-0x0000000000545000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/948-59-0x00000000005F0000-0x00000000005F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/948-60-0x0000000002920000-0x0000000002921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4420-0-0x0000000000400000-0x000000000047C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/4420-57-0x0000000000400000-0x000000000047C000-memory.dmp

    Filesize

    496KB

    Download