Overview

overview

7

Static

static

3

34b185b25b...18.exe

windows7-x64

7

34b185b25b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2024 12:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34b185b25b12fc6bdf24fdc743c255e8_JaffaCakes118.exe

  • Size

    52KB

  • MD5

    34b185b25b12fc6bdf24fdc743c255e8

  • SHA1

    244b82d3ef75d5b0b43b31289d4b1b275ceb194f

  • SHA256

    3c7e46fa326e3ac93a9ab34c796be04e2ad2f3b16bd50685f4ed06ff6d5d3246

  • SHA512

    c3eb357bedd67391ac6a20af833ae9279dcf6032f5504f05a0bc2ee6f6d3e5d041d6ae6225ecefa84bd8dd795402ef74b9fc708c4459343c5db7d7a4544ddbc6

  • SSDEEP

    384:BwqUmiU/QqUm1U1QoQqUm1UjbfoQqUm1U5PoQqUm1Uw4joQqUm1Uc:Bwxk/Qxd1jQxdjbAQxd5QQxdw48Qxdc

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34b185b25b12fc6bdf24fdc743c255e8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\34b185b25b12fc6bdf24fdc743c255e8_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Windows\msreg.exe
      C:\Windows\msreg.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1692
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 36
        3⤵
        • Program crash
        PID:2556

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\msreg.exe
    Filesize

    4KB

    MD5

    b1220810708ddb633b95c51e7de4c0c3

    SHA1

    aea221334cd3967b910aebf91ade3085d0180c2c

    SHA256

    8d608f6b31810358fa72263a46130cfd6847b0c47a91fa773660eefeadf5b366

    SHA512

    b8da2c6cdd31116959fb29241cc60c6ee76af104fe74030533a32085926e39c38de33f070b849b45265ea49e94b388671e1a08201d96fd54c7e056ae1920f20f

    Download Submit