Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/07/2024, 08:01

General

  • Target

    3c948a7071647b71d717e58ea4e9edd3_JaffaCakes118.exe

  • Size

    683KB

  • MD5

    3c948a7071647b71d717e58ea4e9edd3

  • SHA1

    0a78c16486a05ce4de96e8f68af91d9697917c03

  • SHA256

    ae12cfbdf3e881568ea3eb20c73eb591444025790130bae15da3493118d0c7a7

  • SHA512

    8ce4a4cfbd08597fc5593f7547b712798164f76f48c3a8e773c5392d2c7644b0d9dca88940f0014004cf28de0d98661d833f7bcad5b0fa7d90122a205477e157

  • SSDEEP

    12288:UsA1mIRjZp9IyTFCMXSWEOIsgsg+8nS+K7u4xkCEPk9VPIM2ilbByvSXB+5Z+:UsnIPp9IyTFC00OIswnS+6u4xtyk9VPZ

Score
8/10

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup (2 TTPs, 2 IoCs)

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Modifies system executable filetype association (2 TTPs, 1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in System32 directory (6 IoCs)
  • Program crash (1 IoC)
  • Modifies registry class (5 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c948a7071647b71d717e58ea4e9edd3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3c948a7071647b71d717e58ea4e9edd3_JaffaCakes118.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:876
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 764
      2⤵
      • Program crash
      PID:3700
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 876 -ip 876
    1⤵
    PID:3996

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\concp32.exe

    Filesize
    692KB

    MD5
    ef4fde000a11acb7d2834ee01b688a33

    SHA1
    82df015a94c5ee5e76dddf13cf8490b72bc01cc4

    SHA256
    1ce0e07c4dc26270c31819ae1ecf91c31ecaa61f1a85d5d22673c75e4bf14755

    SHA512
    56d979b0cf68a9593c6d5655a070f148ac5e0a6592fd5a8675de539851b27c03829e4ec22d21620a8ffaf832f53e0e59bb3f69fd83f28d18377657aa3a5e8172

  • memory/876-0-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize
    212KB

  • memory/876-7-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize
    212KB