Overview

overview

10

Static

static

3

33dbeae5ec...18.exe

windows7-x64

10

33dbeae5ec...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    28s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2024 07:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33dbeae5ec1b4e1fae8dd467266e9799_JaffaCakes118.exe

  • Size

    172KB

  • MD5

    33dbeae5ec1b4e1fae8dd467266e9799

  • SHA1

    ce3eee0ff958f04c182f722b41d16a0b2deb0606

  • SHA256

    2b0ed02dbb6437e6e3ed8bcb1f8671858c5447f4a06e01bcfbdf97df42660b66

  • SHA512

    cff3ce1aaff293b798484a1dffdd092a9e97f0eaadd49c39b649136d38ec76e4a7124cd732d62bd1fd442804c7e518e3a3c1f0c2b41a138f2b693b4ae88216e8

  • SSDEEP

    3072:YEfP+YAyGsPP5YqrbVzerqCqxqiKkGYXaYn1ET4QdDSFjtMzFjlyncjNKq0:RFxGsPeqrbVzytxYn1qqtMJZhNB0

Score
10/10
evasion

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 18 IoCs
    evasion
  • Modifies security service 2 TTPs 26 IoCs
    evasion
  • Deletes itself 1 IoCs
  • Unexpected DNS network traffic destination 6 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops desktop.ini file(s) 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\services.exe
    C:\Windows\system32\services.exe
    1⤵
    • Modifies firewall policy service
    • Modifies security service
    • Drops desktop.ini file(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:464
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1216
      • C:\Users\Admin\AppData\Local\Temp\33dbeae5ec1b4e1fae8dd467266e9799_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\33dbeae5ec1b4e1fae8dd467266e9799_JaffaCakes118.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2064
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe"
          3⤵
          • Deletes itself
          PID:2748

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \systemroot\Installer\{da45e713-8226-974d-e1b8-8a65f19f6f1a}\@
      Filesize

      2KB

      MD5

      41361d4ae7ddfdaf75097a9740825885

      SHA1

      62c4bdca3a31d9217b7cba69482e530ce404a9c1

      SHA256

      5113da856260e52ec9f83c7f2ac63d3301c04199830d8ac4371df9b8adbe37d3

      SHA512

      b516bd0cb43920dadac76a5b761dba41ba2845e2ae1d9f8c7cd1e08c19e24c735cdd4ac6ed8c192530d4df403969ac3084149ee2ddc1f186a2401b6aa592e54c

      Download Submit

    • memory/464-16-0x0000000000200000-0x000000000020F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/464-19-0x0000000000210000-0x000000000021F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/464-18-0x00000000001F0000-0x00000000001FB000-memory.dmp

      Filesize

      44KB

      Download

    • memory/464-12-0x0000000000200000-0x000000000020F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/464-8-0x0000000000200000-0x000000000020F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/464-17-0x0000000000210000-0x000000000021F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/464-29-0x00000000001F0000-0x00000000001FB000-memory.dmp

      Filesize

      44KB

      Download

    • memory/464-30-0x0000000000210000-0x000000000021F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1216-5-0x0000000001D20000-0x0000000001D21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1216-26-0x0000000001D20000-0x0000000001D21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2064-3-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download

    • memory/2064-2-0x0000000000427000-0x000000000042B000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2064-23-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download

    • memory/2064-24-0x0000000000427000-0x000000000042B000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2064-1-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2064-28-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download

    • memory/2064-0-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download

    • memory/2064-4-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download