Overview

overview

7

Static

static

3

3a193e9a95...18.exe

windows7-x64

7

3a193e9a95...18.exe

windows10-2004-x64

7

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$TEMP/UNICCodec.exe

windows7-x64

7

$TEMP/UNICCodec.exe

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/07/2024, 17:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3a193e9a95d4b6335a9e84c35ebaf1c8_JaffaCakes118.exe

  • Size

    105KB

  • MD5

    3a193e9a95d4b6335a9e84c35ebaf1c8

  • SHA1

    57965222b7ff57fbc727f93bfd3f25ca77115abf

  • SHA256

    62da9734fae92cfe7ec35bd772d6f585605a3375ba2bb0fd4d703f8d7f89766f

  • SHA512

    a9f98bd91ac30aedd9687687b625a4223c45457a2e3f5d29fe309efa5bbb847bfeaf38011e3895d82b791611da86ebfc6cf5d3a2afda529d5d0967419f8ff0cf

  • SSDEEP

    1536:DuLdaekIpG1GCDPy+EiaD4y3oAYp+d5qw6Re+u5s7caIsKAMGYxV3hcRvgJfpasu:bep8PHGDUw6ReOcabMGWV34vgPaN1Hf

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a193e9a95d4b6335a9e84c35ebaf1c8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3a193e9a95d4b6335a9e84c35ebaf1c8_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Users\Admin\AppData\Local\Temp\UNICCodec.exe
      C:\Users\Admin\AppData\Local\Temp\UNICCodec.exe
      2⤵
      • Executes dropped EXE
      PID:4688
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 392
        3⤵
        • Program crash
        PID:2640
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4688 -ip 4688
    1⤵
      PID:2732

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\UNICCodec.exe
            Filesize

            33KB

            MD5

            9f3a6d861d3ef30dd30c11a0de5a6800

            SHA1

            728ec7ac84359b8c89f8dacfb42b1747283e7100

            SHA256

            ca86165448cee2af3890173190c923ab31735a14a56cbd3c226b693cfa379a54

            SHA512

            837bad57fb539b02f1da9c17a57ed019ee3c41b6defb2fef5aa8636864569f6f82a126282b0f8788277a7f7cbfc571ba8f1d4ac1f7e9950ff1b24c3ac06f9496

            Download Submit

          • memory/2392-6-0x0000000000400000-0x0000000000442000-memory.dmp

            Filesize

            264KB

            Download