Overview

overview

7

Static

static

3

410ec71246...18.exe

windows7-x64

7

410ec71246...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 09:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    410ec712460d855abed33a68b0d28ad2_JaffaCakes118.exe

  • Size

    728KB

  • MD5

    410ec712460d855abed33a68b0d28ad2

  • SHA1

    fb0a027afcda8eae7e6bc30ace0ea02fd5c9fc2b

  • SHA256

    14165bd04032a6bb37186a736111d1d84eb23ddfe9d70578d4d00ecc73d948bb

  • SHA512

    9272678a079a3b8606271778b42fa6c3ba52b468a43a9fa865c37b1db6288de219af7d61f5b6aaef1345aa6055a15394bf16090ac07b7203b90de163165ca95e

  • SSDEEP

    12288:nekD9NJcz9QnJ7jaIjxijQaIegE/oDEmH7CHF3Z4mxxox0N0JShnZHvp3n:neGO9Q1cTIegBOQmXq0eJKh

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\410ec712460d855abed33a68b0d28ad2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\410ec712460d855abed33a68b0d28ad2_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2672
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Windows\uninstal.bat
        3⤵
          PID:2628
    • C:\Windows\Hacker.com.cn.exe
      C:\Windows\Hacker.com.cn.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        2⤵
          PID:2596

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Windows\uninstal.bat
              Filesize

              150B

              MD5

              5edd682a8b1f2bf873300774f954ab03

              SHA1

              2cca4e743d02dbccf31b784ea26a60c03dcc9637

              SHA256

              a34c51ec5d2ac66ef75719e7dee61b6e89e74d054712438da2585ec92ce0865a

              SHA512

              916f0e846a38f63aae996e2a3957fa24fed3bcaa6add68c529e3cc0aa063dca49b98d42c92317bfc2f43d745c492e1e1e6f5db0c986b9682f4b9b0cf0afd7bd2

              Download Submit

            • \Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
              Filesize

              785KB

              MD5

              6402c7cbd682e63622320a4c1aa82589

              SHA1

              48a34fa3d8bed12796deb3312c564563e8eef3a7

              SHA256

              e301c98d423ff57c4988312ea2baae1c014f6885e5eb1c67c47223c990b6d39e

              SHA512

              612141c160de9400944b094cc2c80330059ec50f975e29a6a1b86c18da19f169fee6a295487b0c8a1a1873d9cf679df30d4d7aedbdcdf1245770b2c058cb86bb

              Download Submit

            • memory/2212-14-0x00000000031E0000-0x00000000031E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-13-0x00000000031E0000-0x00000000031E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-30-0x00000000009D0000-0x00000000009D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-29-0x00000000009E0000-0x00000000009E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-28-0x0000000000A00000-0x0000000000A01000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-27-0x0000000000A60000-0x0000000000A61000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-26-0x0000000000440000-0x0000000000441000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-25-0x00000000009B0000-0x00000000009B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-24-0x0000000000980000-0x0000000000981000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-12-0x0000000000400000-0x0000000000401000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-22-0x0000000000420000-0x0000000000421000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-21-0x0000000000430000-0x0000000000431000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-20-0x00000000009A0000-0x00000000009A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-19-0x0000000000950000-0x0000000000951000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-18-0x0000000000970000-0x0000000000971000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-17-0x00000000031E0000-0x00000000031E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-16-0x00000000031E0000-0x00000000031E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-15-0x00000000031E0000-0x00000000031E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-31-0x0000000000A80000-0x0000000000A81000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-0-0x0000000001000000-0x000000000117A000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/2212-23-0x0000000000990000-0x0000000000991000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-11-0x00000000031E0000-0x00000000031E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-10-0x00000000031E0000-0x00000000031E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-8-0x00000000031E0000-0x00000000031E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-7-0x0000000000250000-0x0000000000251000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-6-0x00000000003E0000-0x00000000003E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-5-0x0000000000190000-0x0000000000191000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-4-0x00000000001A0000-0x00000000001A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-3-0x00000000003F0000-0x00000000003F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-2-0x00000000001C0000-0x00000000001C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-1-0x00000000001D0000-0x0000000000224000-memory.dmp

              Filesize

              336KB

              Download

            • memory/2212-32-0x0000000000A70000-0x0000000000A71000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-9-0x0000000000240000-0x0000000000241000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2212-56-0x0000000001000000-0x000000000117A000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/2212-57-0x00000000001D0000-0x0000000000224000-memory.dmp

              Filesize

              336KB

              Download

            • memory/2672-54-0x0000000000400000-0x00000000004CE000-memory.dmp

              Filesize

              824KB

              Download

            • memory/2720-59-0x0000000000400000-0x00000000004CE000-memory.dmp

              Filesize

              824KB

              Download

            • memory/2720-63-0x0000000000400000-0x00000000004CE000-memory.dmp

              Filesize

              824KB

              Download