Analysis

  • max time kernel
    121s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/07/2024, 00:25

General

  • Target

    2a54e63f399269374692c00d5ab435e2_JaffaCakes118.exe

  • Size

    640KB

  • MD5

    2a54e63f399269374692c00d5ab435e2

  • SHA1

    87ee13506dc254d7a8d26d74b1dcbffb57a9fb99

  • SHA256

    cc0bdf1e810fb36784bfdeaaeef58b097f43e9bd800d455216a6027effbadba5

  • SHA512

    6e46042241d8b9316c5ae428ffd3b4c33a91dacd74ba44aafa392ff9b2e6fa65bade8ec2fa93ccb9a73e927089600d6c0b63117af6cb1a5e3ae06c6e6dd006d9

  • SSDEEP

    12288:NtKe6Zv23YdL/W5L/SZdSCvTF+bDTqXTa7v5ouB1CWrDDU1zFWPeFiI5ewiq23F:d6Zv24/WNSZ8CLGETEjrCwDUqDI87qS

Score
8/10

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 6 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a54e63f399269374692c00d5ab435e2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2a54e63f399269374692c00d5ab435e2_JaffaCakes118.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Windows\svchost.exe
      C:\Windows\svchost.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Modifies registry class
      PID:1804

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\concp32.exe

          Filesize

          645KB

          MD5

          dfa187cdfddecc78c089f0cdafc7edd6

          SHA1

          5cc1de31880a72196c14d74b37e2901ecc050a1e

          SHA256

          7973c8daad59405082d9f558ca9c7487fb702fde3b2baacbeabff0bdcf127889

          SHA512

          f3ba62fa7f1d2919ed77ab0828003fe09981262f6ad3c9af4d12970b9be2709d91bc44f9ec9f04d616aeca7cf34adabb996374f285838d767399575fb07136dc

        • C:\Windows\svchost.exe

          Filesize

          640KB

          MD5

          2e551b097673494ffe2c78688d540022

          SHA1

          b820b94e885a4541c7d34df66d0cddd716df2db9

          SHA256

          9c8ebf5d3fb58168c5026797f0b1212ff88e95901c69ad8383e797e402e9d1fd

          SHA512

          6c64b8f1464f3e0e1ee0ce65cf9041814accf40970700d8a0c4a3452af02a88b1de196f0a1e4f23ed119e8d696f881d7d71ec20fc8eb930a4fdc256a177f8811

        • memory/1804-15-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

        • memory/2036-0-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

        • memory/2036-14-0x00000000001B0000-0x00000000001E5000-memory.dmp

          Filesize

          212KB

        • memory/2036-16-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB