Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/07/2024, 08:59

General

  • Target
    27fbeda178b09648587b63d44e4dbdf9_JaffaCakes118.exe
  • Size
    492KB
  • MD5
    27fbeda178b09648587b63d44e4dbdf9
  • SHA1
    bb81a81c7b956085bcb7bae503a2c55b6da12ab8
  • SHA256
    ab7227fc788469b6c19b8ac6b43db33a33cfeb893f20312aa48a609decac498d
  • SHA512
    6fd052714230090cf9aa220a33cda77cbabedfcc0563686ffecbf47e9d7eff421db0f6aeda19d258a403278a08c30351127d58de5de205a717bd0017cf5c95a9
  • SSDEEP
    12288:f6s2gciFt0zri1IBgcn67Kg/EZU7HJRRrom3mkldQWA7joVSb:N2flsj72P8dUZb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (6 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (7 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\27fbeda178b09648587b63d44e4dbdf9_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\27fbeda178b09648587b63d44e4dbdf9_JaffaCakes118.exe"
    PID: 2368
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • \??\c:\9bc7095a96272439297617c9\update\update.exe (child of PID 2368)
      Command line: c:\9bc7095a96272439297617c9\update\update.exe
      PID: 2744
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix

Downloads

  • \9bc7095a96272439297617c9\_sfx_.dll
    Filesize: 30KB
    MD5: b9b02d97007953e74caaa38497e7278a
    SHA1: 3954391efec4615a597594b02ad755f539d2fa42
    SHA256: e4ecf14cf98b855642505802a04be2035db6e13600112c01632e2e600c8184cc
    SHA512: 78f39f6c6167ba61f52501912b3c5fa6d8c0d594be9f9a5b888b2cb4e19c1d499328fe28a90cc1457e15b14f78ce5a3591b8ed1468afb8d5e944df07a7ae2c6e

  • \9bc7095a96272439297617c9\update\update.exe
    Filesize: 725KB
    MD5: 50914702cb6c72275018643c557ef8c5
    SHA1: a60b307966ae1329ff1c16f187117768179bb719
    SHA256: a0b2b5e50eff3968c6c05cf18fc93ba3fd2a5de6c35bda609b14e9247e99d2e3
    SHA512: 4005b7da7eab74d9be1c7847f0485354bfff974c0cf88a2bcc0a30168665218671721e784b55b6038bbb2399927850d607e5aaa178b290be91e636d988e76bfc

  • \9bc7095a96272439297617c9\update\updspapi.dll
    Filesize: 370KB
    MD5: 9a055da2f2819f155c33d47cd67a7c00
    SHA1: 1ca0a282dbd483972b40bf4ccff4f747227f422c
    SHA256: 0acbbaa648ffbcc6375736dd35ee7a20bfcf5976dfc558ca72d820e7f7cdad85
    SHA512: cf137d691c6a6c3e6611f2af4ccd462f291ab49f430a9fe4ff2746a4f3856255ec5d1551ff408b437b573000322131c9bd78fae74cace812ae81441df52a7a49

  • memory/2744-48-0x0000000000170000-0x00000000001CE000-memory.dmp
    Filesize: 376KB