Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/07/2024, 21:55

General

  • Target
    3f0654bbf66009af1e8953aa604a9c40_JaffaCakes118.exe
  • Size
    494KB
  • MD5
    3f0654bbf66009af1e8953aa604a9c40
  • SHA1
    3a664e8bc631bfe424374b6cd8743a9659da10df
  • SHA256
    46abe6629e3453a99c6ab3b7d27b49d6d1bb3881dd07ac2c5913e6b1dea3c136
  • SHA512
    4a7671fd288e6503d2c12e016de2e5690169c69aa5a4cd13ef798679e3bca9c16f4e19e78b6575ce6f2d93a936c2deffdbfcfacb72ebae648de6bf5e462ce3c9
  • SSDEEP
    12288:6GInNWz/2xqs7JpGHgTY9/2gtsf3AsoLU8bu53R98L:6GIn++MsJsATY9lti3HoLHbu5hWL

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f0654bbf66009af1e8953aa604a9c40_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3f0654bbf66009af1e8953aa604a9c40_JaffaCakes118.exe"
    • Loads dropped DLL
    • Enumerates connected drives
    PID:1952

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\~vis0000\PORTUG~1.VLG
    Filesize
    14KB
    MD5
    d0a9bf8de94f49ae4ccf95780eb76313
    SHA1
    9f5a01343df5746a8974210c1b5f111bf9366cf8
    SHA256
    b4c1459f2be503d9f8426ec435a92009956cc28da42cc5b80a131c5fd1591e85
    SHA512
    fdaabc99f26f664a510d0150703e24907211a762a8d0a06f087c0e60f112a271ee8d0b6c89e252d6badbfb0f4485e0c0b3af4994e07d635d79dc69904749b621

  • \Users\Admin\AppData\Local\Temp\~vis0000\jpeg.dll
    Filesize
    104KB
    MD5
    0da8449291b80aac6c6f7e356d14ba36
    SHA1
    421456596c690b69d262dcb5e96f474c3c92ab14
    SHA256
    c83e2f98b9182073002b24c731f9fe0512bc4a3b468181c677d20fc465218232
    SHA512
    4e99332b791a7629d8541fce0e3d56d3452168abbbe5e56e38d79edb440bf1e12ca2d73d2f79d78a5c2ba282ab3ff84103691153fe26da670e9a9a28f75713ac

  • \Users\Admin\AppData\Local\Temp\~vis0000\vise32ex.dll
    Filesize
    496KB
    MD5
    db798587868984eb838a71338f6ffe53
    SHA1
    c9fef0b8e6806137f29beb8c0eae04f1c5bb8c39
    SHA256
    6d4209a51dedb0aedcdfd5cbed6fc80dbc34b51cd1dc176d788f07b5cdf06642
    SHA512
    1e6f4ce4156693f9f9a8f70b8b9ff5080a27ac903929ae7aefd277c455d088aaf6b19ddc1edc131eb552eada877462829473885804df7f9246d412754d098c58

  • memory/1952-53-0x00000000009C0000-0x00000000009DB000-memory.dmp
    Filesize
    108KB