Overview

overview

7

Static

static

3

37df775bd2...18.exe

windows7-x64

7

37df775bd2...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 05:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    37df775bd2ca35ef4c8e252181812438_JaffaCakes118.exe

  • Size

    281KB

  • MD5

    37df775bd2ca35ef4c8e252181812438

  • SHA1

    7e96db2fae18fc4c592dc3ebae7ef065a45bd96f

  • SHA256

    640831973f16a461c8f12bf980c8261440d7b9f9aeb66aeb2908e701c70ad98a

  • SHA512

    fb24e5676dfa4c2e501ff390989f7ffd3d9f29e445052879be95f58fee13394ebb39773683b3165b05fe5f6960e3392b4f2dfee8fb02726899a702d22352a638

  • SSDEEP

    6144:QvUTQlCjQA6XTqbU94/awxvTVTfyuw5H+Mb3P1pHQGXQDMHp:+HC0tjqkQawtRTfweK3d4DMJ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37df775bd2ca35ef4c8e252181812438_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\37df775bd2ca35ef4c8e252181812438_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\uninstal.bat
      2⤵
      • Deletes itself
      PID:2788
  • C:\Windows\systim32
    C:\Windows\systim32
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Program Files\Internet Explorer\IexplOrE.ExE
      "C:\Program Files\Internet Explorer\IexplOrE.ExE"
      2⤵
        PID:2312

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\systim32
            Filesize

            281KB

            MD5

            37df775bd2ca35ef4c8e252181812438

            SHA1

            7e96db2fae18fc4c592dc3ebae7ef065a45bd96f

            SHA256

            640831973f16a461c8f12bf980c8261440d7b9f9aeb66aeb2908e701c70ad98a

            SHA512

            fb24e5676dfa4c2e501ff390989f7ffd3d9f29e445052879be95f58fee13394ebb39773683b3165b05fe5f6960e3392b4f2dfee8fb02726899a702d22352a638

            Download Submit

          • C:\Windows\uninstal.bat
            Filesize

            218B

            MD5

            bcfd6a2d4adb3cf3fce290f8899c9b28

            SHA1

            6d5e001ac62392330b50f37bdef6886c27f71d07

            SHA256

            5fa25633a160808ce009c3c2cc5656369d20abb72f75abb1c0d0bf42f7a209da

            SHA512

            77c2134021b145983c017e81e1453400e3be18ed9a73016a9c8493766677074524d76d7ae1ed92f00b2c014bd0e2107204f9d092e0c855181e77bc048144ad4e

            Download Submit

          • memory/1804-13-0x0000000000400000-0x0000000000518000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/1804-10-0x0000000000400000-0x0000000000518000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/1804-11-0x0000000000400000-0x0000000000518000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/1804-15-0x0000000000400000-0x0000000000518000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/1804-14-0x0000000000400000-0x0000000000518000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/1804-25-0x0000000000400000-0x0000000000518000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/2992-3-0x0000000000400000-0x0000000000518000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/2992-1-0x0000000000400000-0x0000000000518000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/2992-8-0x0000000000400000-0x0000000000518000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/2992-4-0x000000000050E000-0x000000000050F000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2992-0-0x0000000000400000-0x0000000000518000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/2992-5-0x0000000000400000-0x0000000000518000-memory.dmp

            Filesize

            1.1MB

            Download