Overview

overview

7

Static

static

7

24a438f6dd...18.exe

windows7-x64

7

24a438f6dd...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2024, 04:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    24a438f6ddd4b1ce10082e792e6715d5_JaffaCakes118.exe

  • Size

    23KB

  • MD5

    24a438f6ddd4b1ce10082e792e6715d5

  • SHA1

    fd687d9a065d79bb4502a5788a4c8391f1629296

  • SHA256

    3ad356c075dff59274a0488ef9e4459c514440e09e36d14b5699beec3a929c45

  • SHA512

    c8c6c26ff803b3b0752f8ff965eb22c76af7fb74b7388b7d149bb37f7944ad6aff75e28af5899145a026b2da9897d0197171767d2083d4808a9a41de170a5a02

  • SSDEEP

    384:Fq1dm2UHrz7SUhmvWHVRqPSKdYdNQrviWH/8xGapAUdDHnNy1qU31QzGniuF4M:L28rzTGojGgNiDExvQbu2B

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24a438f6ddd4b1ce10082e792e6715d5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\24a438f6ddd4b1ce10082e792e6715d5_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Users\Admin\AppData\Local\Temp\24a438f6ddd4b1ce10082e792e6715d5_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\24a438f6ddd4b1ce10082e792e6715d5_JaffaCakes118.exe" S
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      PID:2024

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Internet Explorer\IEXPLORE32.Sys
          Filesize

          30KB

          MD5

          5eb3e56cd993d4554594033961bc7e6b

          SHA1

          918ada2a675f5518c3e2e5b24fd9104bac825002

          SHA256

          ff0e4154c18ad51c69a81a70feac9009097d531e97beda94d38fc41e0cef804a

          SHA512

          83d0fd6cdeed0507f5fa81de951558a2768fde8be9d59294a55e769db22349d78aa0549a55799688328c1c2565bb19030a6d256e8e895e8c80aff473a6df05de

          Download Submit

        • C:\Program Files\Internet Explorer\IEXPLORE32.ime
          Filesize

          23KB

          MD5

          0c1c1a053d3420cf8bd7f742a5214a40

          SHA1

          4f542a9b95530d30b2852997f4c0b32639502b8d

          SHA256

          5d390a89a9906ad5b8a25d73e3d6abc2a1e4bbdf0e252387bdd6a743ad605eac

          SHA512

          8ac4cb43666cd8d720462da7428146f323c130f137a9829083b84ed80c9d30fed8bec4fa6c14a83e6c9b6bb5de3656d97c09640d8fd4e3b1d96af249aaf7477f

          Download Submit

        • memory/2024-8-0x0000000000220000-0x000000000022D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/2024-9-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2024-10-0x0000000000220000-0x000000000022D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/2820-0-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2820-4-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download