Overview

overview

7

Static

static

3

3e3f5d1c01...18.exe

windows7-x64

7

3e3f5d1c01...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    2s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 17:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3e3f5d1c01888dc4e22d0251f522d6b8_JaffaCakes118.exe

  • Size

    32KB

  • MD5

    3e3f5d1c01888dc4e22d0251f522d6b8

  • SHA1

    b8d02803f2160ceda020c978455e849744c2af07

  • SHA256

    468c12e63dd6cdf5df6c370f0261c34dcc6248b95aab9912787ca69d800789bf

  • SHA512

    3a7b1963ca4593e56924fc1af6da7743340809f6ed236707daf1d4e1ec6080fd02e2260dfe67c959ce5f0f4d69915aa4b24328f27e46f3846f91e4fcd6212c85

  • SSDEEP

    384:WqX0XQXXq2tCOpnDqf9ptAy2FPWz9ncBV0UuCYIElQU5eT9VO5ueoCKyC/9Y45HW:W20An3ZpnDGptYloznn4/JTXZZM9ZvN

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1392
      • C:\Users\Admin\AppData\Local\Temp\3e3f5d1c01888dc4e22d0251f522d6b8_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\3e3f5d1c01888dc4e22d0251f522d6b8_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2388

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • \Windows\SysWOW64\SHAProc.dat
            Filesize

            32KB

            MD5

            b797774b4fa3835f2da9f9e82fca9961

            SHA1

            b885141b08b95d333699bbbcce7cc4252ca917ef

            SHA256

            55d71470ad808cc0c20c679eddc98727563442876baee64efb51c8d58aa80a39

            SHA512

            d0b6e3b489790addf6d7502f0f5a52e4feb875d24a838635bfe8816778260e39c162693cfc955061951c75b97d233d6ef3f3e7462f25e0f345ee6b9d81b426d8

            Download Submit

          • memory/1392-3-0x0000000002260000-0x0000000002261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1392-3-0x0000000002260000-0x0000000002261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2388-0-0x0000000000400000-0x000000000041A000-memory.dmp

            Filesize

            104KB

            Download

          • memory/2388-9-0x0000000000401000-0x0000000000402000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2388-12-0x0000000010000000-0x000000001000B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2388-0-0x0000000000400000-0x000000000041A000-memory.dmp

            Filesize

            104KB

            Download

          • memory/2388-9-0x0000000000401000-0x0000000000402000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2388-12-0x0000000010000000-0x000000001000B000-memory.dmp

            Filesize

            44KB

            Download