Overview

overview

10

Static

static

3

36641b0a71...18.exe

windows7-x64

10

36641b0a71...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2024 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36641b0a718d811e74fde8ef7dd0ed32_JaffaCakes118.exe

  • Size

    248KB

  • MD5

    36641b0a718d811e74fde8ef7dd0ed32

  • SHA1

    8426c305ac2e732f643d4e1357b57353f7e25e30

  • SHA256

    fe87a12f6e6195ea889f8f8f1f0f48c9cb8c75bf9bc678e1130dd8451b13cc32

  • SHA512

    e7048deb5c4a3fe0e2d0f0890ac369f64d62c46166bdd8a9203bb7030b3b721b172f61f149279b045d97ba46b0ef35baf2a09e062f730a6bc522532d81d3b0d6

  • SSDEEP

    6144:dvM5CElofkFWQPtnRneqAKnvmb7/D269fgwMty0e6ndv0DO:dE5CLkFfnRnWKnvmb7/D26qndv0DO

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36641b0a718d811e74fde8ef7dd0ed32_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\36641b0a718d811e74fde8ef7dd0ed32_JaffaCakes118.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Users\Admin\mpran.exe
      "C:\Users\Admin\mpran.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1968

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\mpran.exe
    Filesize

    248KB

    MD5

    430a7e66ead8c8f72218700b54f3a41b

    SHA1

    4eaf00cb7f87c1ce9df8cd90cd03b72c69cd86a3

    SHA256

    47c4b36af02cb7d1db4ad6012598a91b24a4d9887171589785ff48ba7fc7565d

    SHA512

    b8eb58b3af0e900a52c46d9f342537adeacfcf421b0b2af24762e3ca4b0a4a313cbae7fc730b7e03dd0152e62fda4424cacc4553ab5e2a7023b009afc102e62e

    Download Submit