Overview

overview

10

Static

static

3

366525c0bb...18.exe

windows7-x64

10

366525c0bb...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2024 21:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    366525c0bb1391e1642d3904f6d2565d_JaffaCakes118.exe

  • Size

    264KB

  • MD5

    366525c0bb1391e1642d3904f6d2565d

  • SHA1

    da28048168cbd59b82406fc911d488c9ee9ee3c3

  • SHA256

    41c2c0740c7821f19b8d3f492ef37d6f3572386f8f2f8acba7aefb2dae055c48

  • SHA512

    0bcc3b3f8664c52918df410702d71c2044e5bd051a42e7ed4763b26f4b6fac046e6fa889d0fd405eb1a2a9f76565eb3ce50ea5f30b3d680c30fd35414a0dd295

  • SSDEEP

    6144:ZrrXI/3JJYHyxyIuEA4aZM9DRruwcu3zCCvQe:FrXcvHVzKu3zCCvQe

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 50 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\366525c0bb1391e1642d3904f6d2565d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\366525c0bb1391e1642d3904f6d2565d_JaffaCakes118.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:496
    • C:\Users\Admin\naumul.exe
      "C:\Users\Admin\naumul.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\naumul.exe
    Filesize

    264KB

    MD5

    c2da7578ed73833f1b54809912e3a214

    SHA1

    688ec4fe4a068395e618ee71abc1099592424470

    SHA256

    d83a0329f1d6c7b626043e1db91a38379dbc45694c9d660806d44aaab4d9e7eb

    SHA512

    7117ac1774baf1fadc247ddc8e253434398001845f9211a9ed03168d8356ab7bc6341a21b4e8768d4a0bc06fbb356dbd85ad65bc61e209900ee83c2c9a342439

    Download Submit

  • memory/496-1-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/496-9-0x0000000002880000-0x00000000028CA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/496-15-0x0000000002880000-0x00000000028CA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/496-20-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/496-21-0x0000000002880000-0x00000000028CA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2428-17-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2428-22-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download