Overview

overview

6

Static

static

3

34fad272d9...18.exe

windows7-x64

6

34fad272d9...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    140s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2024 13:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34fad272d93869996f0827b4f45e3fdb_JaffaCakes118.exe

  • Size

    171KB

  • MD5

    34fad272d93869996f0827b4f45e3fdb

  • SHA1

    c923f35909ca0ac9a374c9036c0590a0477d7b0b

  • SHA256

    538fa0fa328bf474da6f8dc057b3d17049a50a32bf75703fc69f3e19c58d2e45

  • SHA512

    f91d8c3b0d8deda0d86657856b5a18ead88edc01256d37b7aaf75d5b4e85f273690e3ef5f0501ae4d773d77e35f6b150b4b0efe81be05030e05d3a4e8ba67ece

  • SSDEEP

    3072:s6G3gsujuKgaxBLg1RjM5TBZLOGcImEUbQeLi9f0tJjNQWiS0fw/rSIS:W3utgaxLlzh1mLMemaZSWiS0fwTSD

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34fad272d93869996f0827b4f45e3fdb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\34fad272d93869996f0827b4f45e3fdb_JaffaCakes118.exe"
    1⤵
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Users\Admin\AppData\Local\Temp\34fad272d93869996f0827b4f45e3fdb_JaffaCakes118.exe
      2⤵
      • Adds Run key to start application
      PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2680-9-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2680-12-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2680-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-8-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2680-7-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2680-6-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2680-4-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2680-2-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2680-14-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2680-15-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download