Overview

overview

7

Static

static

7

269914ad9e...18.exe

windows7-x64

7

269914ad9e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2024, 23:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    269914ad9ed8f20c00b52dc59b07c5ad_JaffaCakes118.exe

  • Size

    74KB

  • MD5

    269914ad9ed8f20c00b52dc59b07c5ad

  • SHA1

    fba71008dcfdd3887cdc0198036dbf70d6d5bca3

  • SHA256

    8576920ee073f6400f98d1b86e2ff46dccfda9abcfad0055f0d48980a68884c5

  • SHA512

    2f8a157c52e6c3aaf4ee329eef39089888134dd3e8cef962f7652be92f53318c4a5033bebb94e671f6682725a41f066b608c72ed63a216d12cffcfb035987fca

  • SSDEEP

    1536:/OaP0Su5IdbE66FFr8J7/P41sP+KYewDHn/7/:hUWdgFr8hHX+KGDHT/

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\269914ad9ed8f20c00b52dc59b07c5ad_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\269914ad9ed8f20c00b52dc59b07c5ad_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Users\Admin\AppData\Local\Temp\p2.exe
      "C:\Users\Admin\AppData\Local\Temp\p2.exe"
      2⤵
      • Executes dropped EXE
      PID:2616
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2756

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\p1.jpg
          Filesize

          19KB

          MD5

          23a10ab136f51ccff2c510eed3f24814

          SHA1

          fabc8e05aa900218dfda253126bf1c28b2640d07

          SHA256

          6eca11a685d5730043e4033d897c6e50769537b55d5b5147b6b85f1581fbfc3b

          SHA512

          55f858e7e5775b17c40fd6cce6a9abb578c33e3940dfe4f892829c29d9b3e32d11b232db2cc9f7d075ca5994e730714113c97dc11a3ff4a8226f087f466dca3b

          Download Submit

        • \Users\Admin\AppData\Local\Temp\p2.exe
          Filesize

          10KB

          MD5

          c9a09ac14f902cff94e4c32d1367d7e5

          SHA1

          99444364802c5a3a132983edd7ba764129dd9d1e

          SHA256

          3b579be0f476b178da78f8e044147cbc1150548f447643309d3127809857fd88

          SHA512

          ddcd99f78eb5a33d25d58b3162160f62630a2b2e7f12567c4361061a64809760549f8aabfdfdd98a146ce7297eeec251577bde0ad1706e582bb7671283429203

          Download Submit

        • memory/2328-0-0x0000000000400000-0x000000000041E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/2328-2-0x0000000002F50000-0x0000000002F52000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2328-14-0x0000000000400000-0x000000000041E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/2756-3-0x00000000001A0000-0x00000000001A2000-memory.dmp

          Filesize

          8KB

          Download