Overview

overview

10

Static

static

3

2f5d51b0bd...18.exe

windows7-x64

10

2f5d51b0bd...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2024 06:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f5d51b0bd4f74af42102eb2ff363277_JaffaCakes118.exe

  • Size

    88KB

  • MD5

    2f5d51b0bd4f74af42102eb2ff363277

  • SHA1

    cc922e53b79f1d8b80e7ed968891b6f2e891610d

  • SHA256

    a951e1f4605cd9b5e902b921d6a1496dfbbddb177fcda58640bfff08444e6602

  • SHA512

    a37a37fac92fedc92578702debc7f8585b6fce61a32adb055292ac6f6adb4704a24c2c09396f8b3441af915279c030f1b3da3155db2fa8f58300b106cc430e12

  • SSDEEP

    768:jDFIPM9ZiddaqnObOasGEwU8Z1Rbe2kjEQJQ1H7a8zFkzqcweOEg:dI0DiCU8Z1QjEQJecweF

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f5d51b0bd4f74af42102eb2ff363277_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2f5d51b0bd4f74af42102eb2ff363277_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:804
    • C:\Users\Admin\xaoapa.exe
      "C:\Users\Admin\xaoapa.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\xaoapa.exe
    Filesize

    88KB

    MD5

    79316d1ecba4cea18ca042b534c0d9f9

    SHA1

    a4859fce087e5abd3d54bef7ec59a06d3f3e423c

    SHA256

    e6350a3f98b806051a0c3c9b8bfaf3bc4d5d2e3cae2be7347c75bfa410168ca1

    SHA512

    3558a5f3613db56859f349f908c37631c35067162ef468d07f75166962ce906a9577f95530417127aa7d79fb350c00d69ffb2d66efd35602cc3e9b7d84d2a82f

    Download Submit