Overview

overview

7

Static

static

7

3c464ad525...18.exe

windows7-x64

7

3c464ad525...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-07-2024 06:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c464ad52529a43af054503ca89bff6a_JaffaCakes118.exe

  • Size

    103KB

  • MD5

    3c464ad52529a43af054503ca89bff6a

  • SHA1

    fceb721248deac3f3e365d77568859552d218eef

  • SHA256

    544edd1531b2599607bde440b23e18d836dec80174060b871fc8faf7b702bb41

  • SHA512

    529177d25561d7f2877fcd6487b6ce97d9ee848d985ab41f45480899c8051d5c7be8f02867cc9fc50717808f37c64087606d7edfd6c3d5c49d463aca80e70da8

  • SSDEEP

    3072:Zq60TUZO9pMwCo9mfEE2mTSnqG1oRqhBxQiOxejr:8ZTU492wCGm/enq6oRABxC

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 4 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c464ad52529a43af054503ca89bff6a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3c464ad52529a43af054503ca89bff6a_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4524
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\WINDOWS\system32\MSINET.OCX
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:1184
    • C:\Users\Admin\AppData\Local\Temp\3c464ad52529a43af054503ca89bff6a_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\3c464ad52529a43af054503ca89bff6a_JaffaCakes118.exe
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4592
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s C:\WINDOWS\system32\MSINET.OCX
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\WINDOWS\SysWOW64\MSINET.OCX
    Filesize

    62KB

    MD5

    f15fff6a8547d03a2db82264075d34e7

    SHA1

    adca52fb990b2109f22540356a0ead3e5481684e

    SHA256

    d8eb0d4cbd89e6907284291594ee63f1321058ccda547c2adc92ee49e429173b

    SHA512

    b94773f3e2c4399c8310c275e6e85808273016febaffbe52f7dc8d48a7f051217bfcdefd2a067aa97325754669091a419cfc0e659b36ab0bc66d1bd80c2d48cc

    Download Submit

  • C:\WINDOWS\SysWOW64\Move.Data
    Filesize

    24KB

    MD5

    2729834b9cd020fe63ea0817af3383f4

    SHA1

    e0048b9340ad4eeab3c03c825b862e33fe26568e

    SHA256

    b0666185eb0f9178a5eba9fa44b0811ca71626961ae8618b76fcbd5d8854ed49

    SHA512

    f16f80d4c052a23c2c2a6250ebfef8c82f8e96a8b0096a7a28e3b157a9ba1176202503bbd03c2fb31face7b5ace016395f8c31d5fdfb115d1ce538e9c7c6ecad

    Download Submit

  • \??\c:\zt.dll
    Filesize

    5B

    MD5

    d5cd9f572ebe004f98d8afb856d232c2

    SHA1

    584079f5d23dd1142ce6c42561934fb3200150cf

    SHA256

    773ac3bfde8adb749433b89f1e62d185687558b2ee1383c8e7dfba930c22467d

    SHA512

    6fb8ca1331313fc9a9b9240766c65b448956398a7a920e0b7132dc5800c69ead4bd4400a87a62eb9ee78a9912cd0fbcaa017596db2f5811db7fbc6542c75fe8e

    Download Submit

  • memory/1184-6-0x00000000234C0000-0x00000000234EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1184-7-0x00000000234C0000-0x00000000234EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1184-8-0x00000000007E0000-0x00000000007E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1576-20-0x0000000000C10000-0x0000000000C11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1576-19-0x00000000234C0000-0x00000000234EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1576-21-0x00000000234C0000-0x00000000234EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4524-0-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download

  • memory/4524-29-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download

  • memory/4592-13-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download

  • memory/4592-27-0x00000000234C0000-0x00000000234EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4592-28-0x00000000234C0000-0x00000000234EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4592-30-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download

  • memory/4592-33-0x0000000002190000-0x0000000002191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4592-32-0x00000000234C0000-0x00000000234EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4592-42-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download