Overview

overview

6

Static

static

3

3ab468830f...18.exe

windows7-x64

6

3ab468830f...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-07-2024 21:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ab468830f2af668e0b3b9af6885feba_JaffaCakes118.exe

  • Size

    20KB

  • MD5

    3ab468830f2af668e0b3b9af6885feba

  • SHA1

    a4b7128fc820b2ae0f4416513a6f4172a2379093

  • SHA256

    2053311c2d612b75a69ed5183d92d2e2850b3ad3fbad57f772df2670ad8bcd69

  • SHA512

    8dd65b119e9b2b883cf105b708aba5bebcc24810fcb1f5228c513789e87cb67de95e9eadcc71af40792ecd7a791b3e6307a1152f3909faa597f4803505380e29

  • SSDEEP

    96:/lxORNfVDSulB0/zo0n7yaqILzyxdT/eNyXkQfsATaRhE2:/T2NfVDVlBczosnl6t/esXtsPhE

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ab468830f2af668e0b3b9af6885feba_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3ab468830f2af668e0b3b9af6885feba_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\batchfile.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4804
      • C:\Windows\SysWOW64\reg.exe
        reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Antispy /t REG_SZ /d c:\antispy.exe /f
        3⤵
        • Adds Run key to start application
        • Modifies registry key
        PID:3132

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\antispy.EXE
    Filesize

    20KB

    MD5

    3ab468830f2af668e0b3b9af6885feba

    SHA1

    a4b7128fc820b2ae0f4416513a6f4172a2379093

    SHA256

    2053311c2d612b75a69ed5183d92d2e2850b3ad3fbad57f772df2670ad8bcd69

    SHA512

    8dd65b119e9b2b883cf105b708aba5bebcc24810fcb1f5228c513789e87cb67de95e9eadcc71af40792ecd7a791b3e6307a1152f3909faa597f4803505380e29

    Download Submit

  • \??\c:\batchfile.bat
    Filesize

    108B

    MD5

    d69db1a3c8038eaa0428c0a33b0725a9

    SHA1

    3e535857246bf432e5642756f0922b8b3cf59068

    SHA256

    225cbf7a9678409cfa4407aab7ad508190e20585130cc0ba0c3c59d63fa1fdc8

    SHA512

    254ae41edeec768bfb3c3bf9202477db1cf85b72befe40c2ae9ac3d18868b52b04c311bf9d4dc4c5d6ee3261f1ea585eba0d9d520db9522a02f6aa24661e1eca

    Download Submit