Overview

overview

7

Static

static

3

30a5468994...18.exe

windows7-x64

7

30a5468994...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 13:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    30a54689944b5d90541a6c82d84e9715_JaffaCakes118.exe

  • Size

    662KB

  • MD5

    30a54689944b5d90541a6c82d84e9715

  • SHA1

    6e4f8cf54e070c8fb5835cac6bf6bd3a958022b6

  • SHA256

    deac2e4adb04727098c7ff6c906155cf0129c1954f4812d0d9f5931b6bad1249

  • SHA512

    e44da03cd82cc500b911bd1aa8e0e554bafca3e477728ee1c41d67a719487137c157c014a0f19dd1b22237d24b2007907a73408ed8effc540d8942ae48863c2e

  • SSDEEP

    12288:uHTAX0i7fsqO8Qhl4Aw/IeaWZF3Z4mxx6Q4AMmlo9QNLnn31:uHT1i7fs1D6A8aWZQmX6Q4AMb9i31

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\30a54689944b5d90541a6c82d84e9715_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\30a54689944b5d90541a6c82d84e9715_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:844
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þÐÞ~2.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þÐÞ~2.EXE
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Windows\uninstal.bat
        3⤵
          PID:2792
    • C:\Windows\cmdonl.exe
      C:\Windows\cmdonl.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:2584

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þÐÞ~2.EXE
      Filesize

      290KB

      MD5

      8a6746f8423966dcbffcf2637b0ae009

      SHA1

      b17f552dc9cd0f63993ac6d61ad218e87422ece3

      SHA256

      df64a389c6fd6d6328e4a4d02d9d0987f4788a306969265e4aec6eadba253c0e

      SHA512

      255f87f536f97771e0bf394bafb91debb6753682311ea640a52aa62eaec21c6fa0afabdfb78968a824e92a958976ee29a325563d44f517c0defb40b3cb1479ed

      Download Submit

    • C:\Windows\MVJYDT.DAT
      Filesize

      51KB

      MD5

      c569a17ff175dd1b9d398410c8409139

      SHA1

      f4a00ddb96783ac3deb556d0d97b09bd30872ba1

      SHA256

      8c2063f15c1d5102869c98a210c77c34897f01cf583a3b061a1bb46e8d59525e

      SHA512

      f6b54d20de495712cdd42d821e8f515140c60a699bd06e0127240004e955a608adb4e44dd4c52efb2df7fa4cd314c054fb728ead6a356caa82249ff7a02e643f

      Download Submit

    • C:\Windows\uninstal.bat
      Filesize

      164B

      MD5

      95d1be338ea6598321eb8d97c4cddb8d

      SHA1

      c2e1d66371c5abcec0487bf1a8882cd9c582d7d6

      SHA256

      6f2ca3b00e15662a08f7eec7ab83192804342905938f662f62512f39a617e1a2

      SHA512

      db2fff6f881321983dec8542daed2ef3eab4d4f6d106e457fabee251732cad951c9c09c4491021f0b0d045b8c42eb95fbddccbce88e801df88e549026132c9b1

      Download Submit

    • memory/844-20-0x0000000003150000-0x0000000003151000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-18-0x0000000000170000-0x0000000000171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-8-0x0000000000490000-0x0000000000491000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-7-0x0000000000290000-0x0000000000291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-6-0x0000000000420000-0x0000000000421000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-5-0x00000000004A0000-0x00000000004A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-4-0x0000000000440000-0x0000000000441000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-3-0x00000000001C0000-0x0000000000214000-memory.dmp

      Filesize

      336KB

      Download

    • memory/844-2-0x0000000001000000-0x00000000010B5000-memory.dmp

      Filesize

      724KB

      Download

    • memory/844-10-0x00000000004B0000-0x00000000004B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-17-0x0000000000160000-0x0000000000161000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-52-0x0000000001000000-0x00000000010B5000-memory.dmp

      Filesize

      724KB

      Download

    • memory/844-23-0x00000000038C0000-0x00000000039DD000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/844-22-0x0000000000470000-0x0000000000471000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-21-0x0000000003140000-0x0000000003141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-13-0x0000000003120000-0x0000000003123000-memory.dmp

      Filesize

      12KB

      Download

    • memory/844-9-0x0000000000480000-0x0000000000481000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-19-0x0000000003160000-0x0000000003161000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-53-0x00000000001C0000-0x0000000000214000-memory.dmp

      Filesize

      336KB

      Download

    • memory/844-16-0x00000000031B0000-0x00000000031B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-12-0x0000000003130000-0x0000000003131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/844-11-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-35-0x00000000002B0000-0x00000000002B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-51-0x0000000000400000-0x0000000000519000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2364-30-0x0000000000400000-0x0000000000519000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2364-29-0x0000000000620000-0x000000000073D000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2584-38-0x0000000000400000-0x0000000000519000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2584-39-0x0000000000520000-0x0000000000521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2584-40-0x0000000000400000-0x0000000000519000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2584-37-0x0000000000620000-0x000000000073D000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2584-50-0x0000000000600000-0x0000000000611000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2584-56-0x0000000000600000-0x0000000000611000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2584-59-0x0000000000400000-0x0000000000519000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2584-60-0x0000000000520000-0x0000000000521000-memory.dmp

      Filesize

      4KB

      Download