Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240709-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    12/07/2024, 00:31

General

  • Target

    3b535a4ecad93dc063fd07b2ae6e58a9_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    3b535a4ecad93dc063fd07b2ae6e58a9

  • SHA1

    f1f1c5ab31ae713bab286da6d6f6eb4b1c932249

  • SHA256

    426cf52c2175ff723d9b41fa9e4fbc73c035a3458be12863111c8b162dda8fdd

  • SHA512

    6eb57ca55dfa8d2265185316b0aaffab57389fcf920e47b80e6fea4cc7c098b16a4505a57ab48401960197e5da0c7e6bba8bc343a0669fcaa43db6a3ab428bdf

  • SSDEEP

    24576:0/xfGMJZjFY3k0XM8xvPbndMM7oOG5dSu52kEp3W8AD/Dhd+y4lqJ8QdCYDoDNQ:05frJVC3k0c8lsOGTasvD/DX+y4onCYP

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b535a4ecad93dc063fd07b2ae6e58a9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3b535a4ecad93dc063fd07b2ae6e58a9_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3088
    • C:\Program Files\WAIGUA\dxwg.exe
      "C:\Program Files\WAIGUA\dxwg.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:4120
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 536
        3⤵
        • Program crash
        PID:4684
    • C:\Program Files\WAIGUA\µØÏ³ÇÓëÓÂÊ¿.exe
      "C:\Program Files\WAIGUA\µØÏ³ÇÓëÓÂÊ¿.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1784
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4120 -ip 4120
    1⤵
    PID:2904

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\WAIGUA\dxwg.exe
    Filesize
    21KB
    MD5
    bc64d9b48217bf4958c4c4a446d62fa3
    SHA1
    32db34d3e3d98602f7c9c081d56e1ac37b80c068
    SHA256
    90903198fa7b2b7c2331da249f1bfcc4acf1fb7be025ede7f7b65260f818cb13
    SHA512
    5ef98feff1114e2ebd599d430d52d1de0f83563d2dec9c52d6b80d73f2ea08f6ec06417c43ec2fea566b73b3e891569d1232795c2fa7cabf8f10204db56511eb

  • C:\Program Files\WAIGUA\µØÏ³ÇÓëÓÂÊ¿.exe
    Filesize
    72KB
    MD5
    2479cbbd6042c4d458fa470aa96bb7b2
    SHA1
    dc74c63a48835b9fc5bf63b7a0413c8db88d1b38
    SHA256
    3f1c4809167e4aadc946136cab30eaff0b5876065f5083b42058a2c39ea154e2
    SHA512
    6e7798f6a716ed77978e78e09b8c4cc90316f7a5607f4903e3b0683b26a8c01ddbc69369adb223bf72d6512794aec0d00f112b1bbabd502e5a3e14a6446ea857

  • C:\Windows\SysWOW64\RasEngine.dat
    Filesize
    48KB
    MD5
    98c499fccb739ab23b75c0d8b98e0481
    SHA1
    0ef5c464823550d5f53dd485e91dabc5d5a1ba0a
    SHA256
    d9d8ce1b86b3978889466ab1b9f46778942d276922bf7533327a493083913087
    SHA512
    9e64ac13e18ab0a518bb85b6612520645b5ab2c9a5359ced943813ba7344714999f25ba0e52240ad2d0c2fefc76552ff43173adc46334ff0b5dba171fb58e4e6