Overview

overview

7

Static

static

7

282dcac359...18.exe

windows7-x64

7

282dcac359...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2024, 10:13 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    282dcac35974575f937242bba67a37d6_JaffaCakes118.exe

  • Size

    123KB

  • MD5

    282dcac35974575f937242bba67a37d6

  • SHA1

    670e9d6d45142f96985d34b87cc95d29876e1262

  • SHA256

    11ab6478ea15503cfb699dffbdf9968a6e17d78a3c4bb6fe0991ffe1930e1516

  • SHA512

    ab3b92e5eee754af83f003983fdd61c7e418f511ccf9035cb6c9c039fe1a4b5c1ba9e4f5480f247c8baf906e65dbb9e4a76040003ade7bb1f8ba6387081758b3

  • SSDEEP

    3072:Eb9Sb1K9HK4CTbdcsvFWj+eDafue7o0qQk0BVkY3Poutu:E5SbwRK4CTbd9W7Dan7o0TBVkEPoS

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\282dcac35974575f937242bba67a37d6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\282dcac35974575f937242bba67a37d6_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2376

Network

  • flag-us
    DNS
    d.trymedia.com
    282dcac35974575f937242bba67a37d6_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    d.trymedia.com
    IN A
    Response
No results found
  • 8.8.8.8:53
    d.trymedia.com
    dns
    282dcac35974575f937242bba67a37d6_JaffaCakes118.exe
    60 B
     119 B
     1
    1

    DNS Request

    d.trymedia.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFAY0EOS\connecting_icon[1]
    Filesize

    301B

    MD5

    81f2114b7bcc913245df781df3eb9ae5

    SHA1

    46beb25a2a30e66c65ebddb72f836542e3655d21

    SHA256

    13237f6652c8a50f987ee5227ce16778117add802584a5e19ef892eac6e1d3e8

    SHA512

    446e34fc67e66d60a7e4a4ee65b47ca04198a8566c4d5cc665249fed8d8616cd6d674cb82621dfea4303cd7a1f90488027b352972219873bf90094d62e763b6c

    Download Submit

  • memory/2376-0-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2376-3-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-27-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2376-33-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.