Analysis

  • max time kernel: 148s
  • max time network: 151s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240709-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 09/07/2024, 23:35

General

  • Target: 32726b01f7b492ee97ce39a7a795debb_JaffaCakes118.exe
  • Size: 48KB
  • MD5: 32726b01f7b492ee97ce39a7a795debb
  • SHA1: 0e3b21db891a843c4efbee83d76893f8d6dc1223
  • SHA256: 01b21ff216a7b629043a73b9618a8a0a721c5e7a348f772a26c68ac63ca98a41
  • SHA512: e5d26d819d4e53d04e18b66ca5b7c79e84b8553bddcc074660ad4c9a0beeed2c6dcf6e60ddf08a9fd1945349086e82ea93ebad486e6cfe9bd8a3d7f44530a060
  • SSDEEP: 1536:lHwei5vVpfAYccnouy8XiG51sEKIJz9yBvaAK695:mei5tpfXc8out/fzwDtn

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32726b01f7b492ee97ce39a7a795debb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\32726b01f7b492ee97ce39a7a795debb_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2740
  • C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdateBeta.exe
    C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdateBeta.exe /svc
    1⤵
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    PID:996

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdateBeta.exe
    Filesize: 44KB
    MD5: 0891637417c44c59183842b77b1e5ba8
    SHA1: 5aa312cc620ce0e01087d242b1c131c31482ada4
    SHA256: 3c9af19c0d471a6270af4efdb9b7e919932e692933a01b953d7de0d6e6a8600a
    SHA512: 4a67b22bb20ecf3d1a09013dc7cadb583ac92f545e84e87325a07e7bfc809603f40e3d7b8434b285f3624adf684cef73d56ff54fd949309f0db929e53b378ee4

  • C:\Users\Admin\AppData\Local\Temp\nsw709E.tmp\System.dll
    Filesize: 11KB
    MD5: 0cd58932a9ee8de6a634889587a6eaf4
    SHA1: b02b1c83270f175544c04e42a8aa5cff5c660b7b
    SHA256: 85811983e6923f364eb25e464cc5c5b7a9a3640106980bf887ad715813f153bf
    SHA512: 265cca4177dce8e6b3e8fb612a350aa135bd7a9e56ce44fc1f1ee3752ee957d4024f0465a04b8f6bfcb3ea512997add1e72d0d435a55b446dc67a6432aa6937a

  • C:\Users\Admin\AppData\Local\Temp\nsw709E.tmp\nsProcess.dll
    Filesize: 4KB
    MD5: 05450face243b3a7472407b999b03a72
    SHA1: ffd88af2e338ae606c444390f7eaaf5f4aef2cd9
    SHA256: 95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89
    SHA512: f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

  • C:\Users\Admin\AppData\Local\Temp\nsw709E.tmp\nsSCM.dll
    Filesize: 5KB
    MD5: 177172693b78f5399d20fe5a8be94e4a
    SHA1: 07ca4de47cbd6aae3eae608a97016579be18ee87
    SHA256: 2a9fce2670b982ff33d80736417934e456560394a53bf83d5f73b617dbc3545f
    SHA512: 36a70a99a90e69f2a8a97c869ae3f99976ad1bfb086ca23dfc0b1e1fc29b35aead34aa0a000424d5d965559c9d4c9e81164eb1589bb1b4ba6d47b38929b37262

  • memory/2740-0-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize: 208KB

  • memory/2740-31-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize: 208KB