Overview

overview

7

Static

static

3

3e4708bd3e...18.exe

windows7-x64

7

3e4708bd3e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12-07-2024 17:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e4708bd3e9e1f75d4e6a72721e0cece_JaffaCakes118.exe

  • Size

    656KB

  • MD5

    3e4708bd3e9e1f75d4e6a72721e0cece

  • SHA1

    74832de75d4e76b25442609241d8368016b04b66

  • SHA256

    5eafef115acbd8fe22e349325a7584904c1f45cf786c756879bb9e5d64858cc5

  • SHA512

    2242b7bbad2803ce8e41e0b47fd83f6a1db6e527960954a7c2f585e3f22d7c9d0e8156092c32d6516d4ba3d52f563abb6ed1dc4a1ccae0fcb4e52881a9870612

  • SSDEEP

    12288:rH5iVPhj8zky21+pA+sc+nHGGVb6F3Z4mxx4DqVTVOCRm:7gVPhqvsvnLVb6QmXfVTzRm

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e4708bd3e9e1f75d4e6a72721e0cece_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3e4708bd3e9e1f75d4e6a72721e0cece_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\DELME.BAT
      2⤵
      • Deletes itself
      PID:1984
  • C:\Windows\EXPL0RER.SCR
    C:\Windows\EXPL0RER.SCR
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2700

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\DELME.BAT
      Filesize

      218B

      MD5

      5dda2c0e0c6a0ee0681a3a051bcdde2a

      SHA1

      6013fa188a9e9151bb36b71d4b9090fc6c8eeb3b

      SHA256

      b5474b07939e086045fa6b4475538b8d6e3e267615d221b9cccd2b987ecbdcde

      SHA512

      e61b4582e9711fa7476cbc18e302e1107b12dec28ebfa4a215bfbf6408a8f5d0cf6ce1347cc213daa27879d8d430f56447eb5d3cd2427ec63c6f04d8dfaaa5a4

      Download Submit

    • C:\Windows\EXPL0RER.SCR
      Filesize

      656KB

      MD5

      3e4708bd3e9e1f75d4e6a72721e0cece

      SHA1

      74832de75d4e76b25442609241d8368016b04b66

      SHA256

      5eafef115acbd8fe22e349325a7584904c1f45cf786c756879bb9e5d64858cc5

      SHA512

      2242b7bbad2803ce8e41e0b47fd83f6a1db6e527960954a7c2f585e3f22d7c9d0e8156092c32d6516d4ba3d52f563abb6ed1dc4a1ccae0fcb4e52881a9870612

      Download Submit

    • memory/2644-39-0x00000000003A0000-0x00000000003F4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2644-37-0x0000000000400000-0x000000000051F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2644-24-0x0000000000400000-0x000000000051F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2644-25-0x00000000003A0000-0x00000000003F4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2708-9-0x0000000000B70000-0x0000000000B71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-20-0x00000000032F0000-0x00000000032F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-8-0x0000000000940000-0x0000000000941000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-7-0x0000000000950000-0x0000000000951000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-6-0x00000000008A0000-0x00000000008A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-5-0x00000000008B0000-0x00000000008B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-4-0x0000000000B60000-0x0000000000B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-3-0x00000000008D0000-0x00000000008D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-2-0x0000000000930000-0x0000000000931000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-22-0x0000000000890000-0x0000000000891000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-21-0x00000000032E0000-0x00000000032E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-0-0x0000000000400000-0x000000000051F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2708-19-0x0000000003300000-0x0000000003301000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-18-0x00000000006C0000-0x00000000006C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-17-0x00000000006B0000-0x00000000006B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-10-0x00000000008C0000-0x00000000008C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-11-0x00000000032C0000-0x00000000033C0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2708-12-0x00000000032D0000-0x00000000032D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-13-0x00000000032C0000-0x00000000032C3000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2708-34-0x0000000000400000-0x000000000051F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2708-35-0x00000000007E0000-0x0000000000834000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2708-14-0x00000000033C0000-0x00000000033C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2708-1-0x00000000007E0000-0x0000000000834000-memory.dmp

      Filesize

      336KB

      Download