Overview

overview

7

Static

static

3

3cf71f7128...18.exe

windows7-x64

7

3cf71f7128...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 10:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3cf71f7128cb71efce1c93b5461b5a17_JaffaCakes118.exe

  • Size

    385KB

  • MD5

    3cf71f7128cb71efce1c93b5461b5a17

  • SHA1

    0086aa631dba0d5486da852bb486712c8195d1e6

  • SHA256

    2d741d0bb82f4ff043e56cd5098496a672f43ed283f234480599e720b6c322aa

  • SHA512

    98067567255f75c172658c64f26b2e99b1a292c94d46a99325169a2edba77163f66f845d8af17c5331dcbe0ccb1842df0ef14c623f505a9e727de7f9b81fa632

  • SSDEEP

    12288:gmGkq9y+3eCR3ET8KP7BFutOye5ooP0eFu6:gmU5jWT8EDvjPC

Score
7/10
persistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3cf71f7128cb71efce1c93b5461b5a17_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3cf71f7128cb71efce1c93b5461b5a17_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\ProgramData\eA28601BcGgK28601\eA28601BcGgK28601.exe
      "C:\ProgramData\eA28601BcGgK28601\eA28601BcGgK28601.exe" "C:\Users\Admin\AppData\Local\Temp\3cf71f7128cb71efce1c93b5461b5a17_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2276

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\eA28601BcGgK28601\eA28601BcGgK28601
          Filesize

          192B

          MD5

          070678cac94413423697ebf5fc870c76

          SHA1

          209633ebda3a38ef773dc6f22be2be52d5e14a36

          SHA256

          ecc9b51cfe3d01db728c631e9c424f55fbfe4a4d47e7d4b7e18cdc7dcd37a2e4

          SHA512

          dfcaf764eddb844c32857eb577b070694b1b74c187e221adc9373f12f5e7070991fe0453e85d0732abeae415c1beb530f85e411ae6190f2cf78ac6574aa8e052

          Download Submit

        • \ProgramData\eA28601BcGgK28601\eA28601BcGgK28601.exe
          Filesize

          385KB

          MD5

          7b9d3b63aa96101b88ad78514f276c1e

          SHA1

          ca80e90ee092568183082b8ecdb1fef0a152973d

          SHA256

          9536c10e03c99b027ad4e281caece444d102dd32f76b67ce3aec4eda2b1aa1bd

          SHA512

          5d6ce9db725f33209872b5cfac8c21d8b95d30254b9bb5c171436b7e19c6cec189ba885dbd6df0661a4d374cba94f47d71d09dbe33e79a359911561fb3d60470

          Download Submit

        • memory/2276-14-0x0000000000400000-0x00000000004E0000-memory.dmp

          Filesize

          896KB

          Download

        • memory/2276-21-0x0000000000400000-0x00000000004E0000-memory.dmp

          Filesize

          896KB

          Download

        • memory/2276-26-0x0000000000400000-0x00000000004E0000-memory.dmp

          Filesize

          896KB

          Download

        • memory/2276-35-0x0000000000400000-0x00000000004E0000-memory.dmp

          Filesize

          896KB

          Download

        • memory/2312-0-0x0000000000310000-0x0000000000364000-memory.dmp

          Filesize

          336KB

          Download

        • memory/2312-3-0x0000000000400000-0x00000000004C5000-memory.dmp

          Filesize

          788KB

          Download

        • memory/2312-22-0x0000000000400000-0x00000000004C5000-memory.dmp

          Filesize

          788KB

          Download

        • memory/2312-20-0x0000000000400000-0x00000000004E0000-memory.dmp

          Filesize

          896KB

          Download