Overview

overview

7

Static

static

3

3284e59be4...18.exe

windows7-x64

7

3284e59be4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    2s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2024 23:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3284e59be4faa9336b5b23e07c2ed8db_JaffaCakes118.exe

  • Size

    31KB

  • MD5

    3284e59be4faa9336b5b23e07c2ed8db

  • SHA1

    07a7aecb1fad8d3a5cbb02d5c047a77354445c27

  • SHA256

    de0cb2b6b1be2e8e82bf07c23c48ba930558f653efaaba9a86f847600430f6b4

  • SHA512

    e2b32232a716f8409988c48640af57db72a019483dbbbf7f9a6bfa735b60839581a26ff7b3315e84bb507d20765275ccc30ce076822026b3886424ecf9bdb363

  • SSDEEP

    768:t53z8nI0tRzO8Vg6YIwYw8pH2bBEr1XrRBOV5:gA6N6ErFOj

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1212
      • C:\Users\Admin\AppData\Local\Temp\3284e59be4faa9336b5b23e07c2ed8db_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\3284e59be4faa9336b5b23e07c2ed8db_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1864

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Windows\SysWOW64\upxdnd.dll
      Filesize

      24KB

      MD5

      7069caf26be622f5a72be6e99a8db29f

      SHA1

      b5d6da2b32204d2a06c80eaad720614f07ca44ec

      SHA256

      6469e8a348e8b14a776fb2b865379b658b6a545485c2f8a8f0e88dab33bab146

      SHA512

      22d0f24dd57a3e00faf6fc3b1b472a8abce256629295735c428c079497826b5085a43562842ca5bb872c64b6568e9ee0ae867b27bc5a51bf18f8690760e81fcd

      Download Submit

    • memory/1212-2-0x0000000002E20000-0x0000000002E21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1212-2-0x0000000002E20000-0x0000000002E21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1212-2-0x0000000002E20000-0x0000000002E21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1864-10-0x0000000000401000-0x0000000000402000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1864-11-0x0000000010000000-0x000000001000A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1864-10-0x0000000000401000-0x0000000000402000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1864-11-0x0000000010000000-0x000000001000A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1864-10-0x0000000000401000-0x0000000000402000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1864-11-0x0000000010000000-0x000000001000A000-memory.dmp

      Filesize

      40KB

      Download