Overview

overview

10

Static

static

3

2b5f29c0c5...18.exe

windows7-x64

10

2b5f29c0c5...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    100s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 06:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b5f29c0c59138cf615310a6a530201d_JaffaCakes118.exe

  • Size

    157KB

  • MD5

    2b5f29c0c59138cf615310a6a530201d

  • SHA1

    2a83197b7d0e620958a5d97dc6274081cadfa677

  • SHA256

    c0b8770ec2cb856647beb2e656e1f68f00f0fec73646bace5f1ed0a9659e6332

  • SHA512

    f6e5e82062ba88008d2934269eae4b239e8eb4ff29346041beffcdeb91db98f19149327bbf7e37fc67745cc559545a37dd8878290b56c2c8905225e8c63a167d

  • SSDEEP

    3072:A9eRdWq4CesTTTY7v73ZBHBHGoWakrI672Ey9/SlYG:A9eRrHjY7vDHEozcIExy9UD

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b5f29c0c59138cf615310a6a530201d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2b5f29c0c59138cf615310a6a530201d_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Enumerates connected drives
    • Drops autorun.inf file
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Program Files\Microsoft Office\Root\Office16\winword.exe
      "C:\Program Files\Microsoft Office\Root\Office16\winword.exe"
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:3540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCDBA65.tmp\iso690.xsl
    Filesize

    263KB

    MD5

    ff0e07eff1333cdf9fc2523d323dd654

    SHA1

    77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

    SHA256

    3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

    SHA512

    b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
    Filesize

    18KB

    MD5

    5748b99fb02213bc5c0775f181ef3b8d

    SHA1

    3c20b2bdc6162bde6849fc7a4ac23524f7cd2f85

    SHA256

    9983160d0fd9cb18a479370bc0b964ef2fcb2a4a17a4b4c4d249fa749f27d2b0

    SHA512

    4c3540f17f042333ab23a544c288d4896ef91336015c6b71550da05b7882b894b530c4f1f66002644e9ab4b5abfa35e814eeb13d7637758073483a704875bb7f

    Download Submit

  • F:\autorun.inf
    Filesize

    126B

    MD5

    163e20cbccefcdd42f46e43a94173c46

    SHA1

    4c7b5048e8608e2a75799e00ecf1bbb4773279ae

    SHA256

    7780bee9df142a17e0457f3dcb2788b50fc2792370089335597d33719126fb7e

    SHA512

    e5ac0ff6b087857799ab70f68067c9dc73eeb93ccfcad87047052380b95ade3e6eb2a7d01a0f850d548a39f4b1ebb60e299d603dbe25c31b9a3585b34a0c65a8

    Download Submit

  • F:\zPharaoh.exe
    Filesize

    157KB

    MD5

    5f6eb28b2031e74657b6a432cd05e2eb

    SHA1

    20295f1d3eade5a8afd779adb36c2245dbf77e75

    SHA256

    e1ce9eea6b94b00cf60d14bbd07c41cd3d148970ffa62d3c8c559abb96a1fdcf

    SHA512

    829e473fe7fef81946cadb6bd1de027f490629eb38f544c0575d48363664fd01c6a077acca8e708197a1ad4d4c4bd75b1e431c5ca15575934891993ffe1dc7ee

    Download Submit

  • memory/1924-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1924-17-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3540-22-0x00007FFD56A50000-0x00007FFD56A60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3540-32-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-19-0x00007FFD56A50000-0x00007FFD56A60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3540-23-0x00007FFD56A50000-0x00007FFD56A60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3540-24-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-25-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-26-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-27-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-28-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-30-0x00007FFD54340000-0x00007FFD54350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3540-29-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-31-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-33-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-21-0x00007FFD96A6D000-0x00007FFD96A6E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3540-35-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-36-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-34-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-37-0x00007FFD54340000-0x00007FFD54350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3540-20-0x00007FFD56A50000-0x00007FFD56A60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3540-521-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3540-18-0x00007FFD56A50000-0x00007FFD56A60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3540-548-0x00007FFD56A50000-0x00007FFD56A60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3540-550-0x00007FFD56A50000-0x00007FFD56A60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3540-549-0x00007FFD56A50000-0x00007FFD56A60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3540-551-0x00007FFD56A50000-0x00007FFD56A60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3540-552-0x00007FFD969D0000-0x00007FFD96BC5000-memory.dmp

    Filesize

    2.0MB

    Download