Overview

overview

7

Static

static

3

3d118ead9a...18.exe

windows7-x64

7

3d118ead9a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 10:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d118ead9a80a32a90ebc80496143a0c_JaffaCakes118.exe

  • Size

    100KB

  • MD5

    3d118ead9a80a32a90ebc80496143a0c

  • SHA1

    8574e8eb94d3c2c8a0534cc076420243d722c8a6

  • SHA256

    3216b105203590159dc0dccbc0f70d84879008501d6a959c20b3b223a28b9217

  • SHA512

    1aaca8dcbb23f9b5c1472014ba1f21d31cfc79179147be82a568e3dac4d2223a9acd4b846a991a01243c8854343681d563458319cb74cd80a6d7969095199ff8

  • SSDEEP

    1536:yoC9+1D+pWTP0M9gXZh/IcNmvw01bvBkPOd0rd0L7bz6oRT3Cx95:yNDWTP1q7Ow01bvDsiL7bznZ3Q5

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Deletes itself 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d118ead9a80a32a90ebc80496143a0c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3d118ead9a80a32a90ebc80496143a0c_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\3d118ead9a80a32a90ebc80496143a0c_JaffaCakes118.exe.bat
      2⤵
      • Deletes itself
      PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Internet Explorer\wsock32.dll
    Filesize

    52KB

    MD5

    027bbe62ac0d42398e531053c5399d3c

    SHA1

    5a2958d58ac867a2f7e0b390639f13b7ccdef940

    SHA256

    5c966aad4138d712301fab8768c94c3c760b195e8caabcc036bfaefb992062f5

    SHA512

    5ab1d4da062333106d5c0755d3be68a5396bfbf7168fe0b2292764eb2606556845d84d05dfbc17ed9dec2585750270015c89c6f8845f9cfc357a52c0f7790b95

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3d118ead9a80a32a90ebc80496143a0c_JaffaCakes118.exe.bat
    Filesize

    408B

    MD5

    e2f83ab589eb4586816ed5090d364b2b

    SHA1

    13247e9946262284e65c0a1d14bd58da4f88f186

    SHA256

    780d3cb327a5e239e2262b469850a46e550338cbf7b35af82f125b3acaf47597

    SHA512

    72471ac75b25756c23a0eddcacc8fe2dd60aa919e015aa86d7ae0e32831da2e5685c39b082a6e0a8af9ab34c673355bf506d76dc341541369b324bb25f5e4fae

    Download Submit