Overview

overview

10

Static

static

3

31645af732...18.exe

windows7-x64

10

31645af732...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 17:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    31645af73294b1734caf270574a06bf6_JaffaCakes118.exe

  • Size

    35KB

  • MD5

    31645af73294b1734caf270574a06bf6

  • SHA1

    eafb77943611e88c3ece9072db3d431175b52bfb

  • SHA256

    8db8012f8b083f77db7c0f761474cc470a289680198526cf1b1f563a12a4af52

  • SHA512

    e40c9c9524212c20ea0333fa3bc8ba0cca971f84b1e60021072192d89ceb074e6a37272a83b18dbdc65d056ea972ef6c10c40de3581c4a259f7747de2d042749

  • SSDEEP

    768:mzQYScGrIubHuYtvdxwYHw5FAe2QUncwxpJ:gQTIubHy5wQU1J

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31645af73294b1734caf270574a06bf6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\31645af73294b1734caf270574a06bf6_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Program Files (x86)\89afcd39\jusched.exe
      "C:\Program Files (x86)\89afcd39\jusched.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\89afcd39\89afcd39
    Filesize

    13B

    MD5

    f253efe302d32ab264a76e0ce65be769

    SHA1

    768685ca582abd0af2fbb57ca37752aa98c9372b

    SHA256

    49dca65f362fee401292ed7ada96f96295eab1e589c52e4e66bf4aedda715fdd

    SHA512

    1990d20b462406bbadb22ba43f1ed9d0db6b250881d4ac89ad8cf6e43ca92b2fd31c3a15be1e6e149e42fdb46e58122c15bc7869a82c9490656c80df69fa77c4

    Download Submit

  • \Program Files (x86)\89afcd39\jusched.exe
    Filesize

    35KB

    MD5

    19a2ef77f324d384828bafe495463482

    SHA1

    b0caf533904784fca3cced9cc405372c619ee28e

    SHA256

    52430d9914e6d933f9f2e60d87f40ea8bdffbf366de669a3d610cd6d55953eba

    SHA512

    cd8e4add7708b3ddcec6d94d9dec035f9fc0e7b6b8272daa6e12aa56a5a3ae50c69d2aab9159421e0b9e3d9ef2ff9cdda45d5030b63ac01fed504b8ab8190ab9

    Download Submit