Overview

overview

7

Static

static

3

340bb5ac49...18.exe

windows7-x64

1

340bb5ac49...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    96s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2024, 08:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    340bb5ac4921b3b34d4766dd5f438dbb_JaffaCakes118.exe

  • Size

    599KB

  • MD5

    340bb5ac4921b3b34d4766dd5f438dbb

  • SHA1

    ae85163aa2cb24169b91ebd387639d6e57da32a7

  • SHA256

    4b3a81a74c8b8e7edbd23bf261cb93295f65c8c5e194362fc5ffe56075512054

  • SHA512

    31aee4304329204c83967e195985f19f089f69c93705b2954b4682616cc9e207b7db5157e4a2ae9bc873230f5f1e38a0b6115ea9168e5d69c6ddc05d280c5d3a

  • SSDEEP

    12288:II/H0gA/39MRkSH1PetFEOJXfo6QfAQr0tN+VewbPAOeXO+WT:II/F6MmRDEgvMApn3s/uWT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\340bb5ac4921b3b34d4766dd5f438dbb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\340bb5ac4921b3b34d4766dd5f438dbb_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3160
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 640
      2⤵
      • Program crash
      PID:1420
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\system32\Deleteme.cmd
      2⤵
        PID:1372
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3160 -ip 3160
      1⤵
        PID:1488
      • C:\Program Files (x86)\Remote\Remote.exe
        "C:\Program Files (x86)\Remote\Remote.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:4248
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 640
          2⤵
          • Program crash
          PID:1076
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
          2⤵
            PID:1092
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 12
              3⤵
              • Program crash
              PID:4856
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4248 -ip 4248
          1⤵
            PID:2416
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1092 -ip 1092
            1⤵
              PID:4424

            Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Program Files (x86)\Remote\Remote.exe
                    Filesize

                    599KB

                    MD5

                    340bb5ac4921b3b34d4766dd5f438dbb

                    SHA1

                    ae85163aa2cb24169b91ebd387639d6e57da32a7

                    SHA256

                    4b3a81a74c8b8e7edbd23bf261cb93295f65c8c5e194362fc5ffe56075512054

                    SHA512

                    31aee4304329204c83967e195985f19f089f69c93705b2954b4682616cc9e207b7db5157e4a2ae9bc873230f5f1e38a0b6115ea9168e5d69c6ddc05d280c5d3a

                    Download Submit

                  • C:\Windows\SysWOW64\Deleteme.cmd
                    Filesize

                    218B

                    MD5

                    6710e933f4d217984d2e681f58c44fed

                    SHA1

                    272a4eb5691097f23605b64f416936b6ecba91cd

                    SHA256

                    43e58b8991ebe83e2c38cbd69fe1544221a0691a8a19a364c457776e71242e5a

                    SHA512

                    6a7a6f4b6e46cf885ccc41adb238178174c0d91a0b4a602966576d8ac666bfd1cfb11fc9074e11053e46f3b57a636e96b25a74ca277ec219ecf374f871583b30

                    Download Submit

                  • memory/1092-11-0x0000000000400000-0x00000000004AB000-memory.dmp

                    Filesize

                    684KB

                    Download

                  • memory/3160-0-0x0000000000400000-0x00000000004AB000-memory.dmp

                    Filesize

                    684KB

                    Download

                  • memory/3160-1-0x00000000007D0000-0x00000000007D1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/3160-14-0x0000000000400000-0x00000000004AB000-memory.dmp

                    Filesize

                    684KB

                    Download

                  • memory/4248-10-0x0000000000EC0000-0x0000000000EC1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/4248-12-0x0000000000400000-0x00000000004AB000-memory.dmp

                    Filesize

                    684KB

                    Download