Overview

overview

7

Static

static

3

29a83c4e16...18.exe

windows7-x64

7

29a83c4e16...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-07-2024 01:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29a83c4e16e9de9526ca507b0d4c8e24_JaffaCakes118.exe

  • Size

    426KB

  • MD5

    29a83c4e16e9de9526ca507b0d4c8e24

  • SHA1

    94d29b703a28e8c54e7ae731c89803f0e425888e

  • SHA256

    40781eaf43a5fd18e6d9bcd0206187b7061e7aaf4eee23abf585d761539a3425

  • SHA512

    39c8a681aeb4fb13731f96d2bab4f576015f429195e7220af68b00ba00fd0753a5f97a2213022e92830e569c472a72322191db90cccb9d0785af06adff7c1647

  • SSDEEP

    6144:Oc1rRX8bsMMrmaR4IF2idZecnl20lHRxp3g54IDNU30DOccye2hxDbPk633ks4nW:duaRZF3Z4mxxQ4IxSo62jDrkAks4W

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29a83c4e16e9de9526ca507b0d4c8e24_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\29a83c4e16e9de9526ca507b0d4c8e24_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1.exe
      2⤵
      • Executes dropped EXE
      PID:1656
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 220
        3⤵
        • Program crash
        PID:3356
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1656 -ip 1656
    1⤵
      PID:4928

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1.exe
      Filesize

      52KB

      MD5

      adb328f7b008c8112b80e73ad657a3a0

      SHA1

      6934e50710c171c0611f3cd7c97186dc999ab8aa

      SHA256

      656944c3d46adafcdb61ece70d9e104a2e1d1d4714b753640a6aaf9dcd1d2b9d

      SHA512

      1f3d0f9c8b0566a2f3278cf62eec0ab85d86cae118a3516fb71a0ab893a0880862d345640d08f31186b2759c87bb2a912b527f906ebaa3dfc90a75d1d63df503

      Download Submit

    • memory/1636-0-0x0000000001000000-0x000000000107B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1636-2-0x0000000001000000-0x000000000107B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1636-1-0x0000000001023000-0x0000000001024000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1636-3-0x0000000001000000-0x000000000107B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1636-4-0x0000000001000000-0x000000000107B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1636-9-0x0000000001000000-0x000000000107B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1636-8-0x0000000001000000-0x000000000107B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1636-7-0x0000000001000000-0x000000000107B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1636-14-0x0000000001000000-0x000000000107B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1656-13-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download