Overview

overview

6

Static

static

3

27e1857844...18.exe

windows7-x64

6

27e1857844...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    141s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2024, 08:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    27e1857844a60fe3c56c57319a7726c7_JaffaCakes118.exe

  • Size

    820KB

  • MD5

    27e1857844a60fe3c56c57319a7726c7

  • SHA1

    aff6af7cc0ac1444f29027e880148ab6ce8d3882

  • SHA256

    6d39570da7ff9f5d1707f5dad9342d4ab59da6006f41f7960b801c86791278c4

  • SHA512

    2aefd6b29934dd8c4c3b8112a53287ca5758b62cc6c27b29e18587b10f42acd38c733e611ac08d529f855236f12f4a80c4e8f46b95afad0b0207edb0daa88160

  • SSDEEP

    24576:X0KsaBNJkv21MS1+xs1oWVVN+mK6ye38MG:BR+WQmK9e3

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27e1857844a60fe3c56c57319a7726c7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\27e1857844a60fe3c56c57319a7726c7_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious behavior: GetForegroundWindowSpam
    PID:3740

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3740-0-0x0000000000400000-0x0000000000866000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/3740-1-0x00000000025B0000-0x00000000025B2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3740-2-0x0000000002710000-0x0000000002711000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3740-4-0x0000000000400000-0x0000000000866000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/3740-5-0x0000000000400000-0x0000000000866000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/3740-7-0x00000000025B0000-0x00000000025B2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3740-8-0x0000000002710000-0x0000000002711000-memory.dmp

          Filesize

          4KB

          Download