Analysis

  • max time kernel
    142s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/07/2024, 20:28

General

  • Target

    43399001a5d874ba3fa4c289d7033eed_JaffaCakes118.exe

  • Size

    382KB

  • MD5

    43399001a5d874ba3fa4c289d7033eed

  • SHA1

    00739fb9255eb83ce78389e2cc97b3615a9b2ddb

  • SHA256

    a6cbc79a7bc2e01e1a12b3bbbcd8b4e7b17e2a342ed26d01145b006c50a46484

  • SHA512

    022aad4f2f05b697f568e2073616e2e3a0658ab8262ce4a07d725d60b72c3170492feedfea776bbfb3d395712172810f97c5728f5e129de9b2c1f0f2a8b23a36

  • SSDEEP

    6144:oWayFWFkwByXkRLMaKmays74PQ4nvD/o1q11VqkscP/VfRMw/fUXCubtso0JU:H4+oyXhwnP1vD/o1UVqkntf+UYSJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43399001a5d874ba3fa4c289d7033eed_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\43399001a5d874ba3fa4c289d7033eed_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1040
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Windows\uninstal.bat
        3⤵
        PID:2880

  • C:\Windows\caikong.exe
    C:\Windows\caikong.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
      PID:2844

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\uninstal.bat

    Filesize

    160B

    MD5

    69e01c599950b5caf5cd7ec972f89682

    SHA1

    2d34ceced77c1f86417c00f706e06cc902b11e3b

    SHA256

    b46da5e666a34856e6f9763f5bef2a4879b4d33f42ea1727be44a84e76fc8e5e

    SHA512

    48acf4f4b87eb21a255003a18ed572efb78d5c3ad90b4529bbb16dd32b53142c8f08fe4f567d29115e2ac1fb543f71c1b9ac3dc79cc14afda84c67f72ff11ba9

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe

    Filesize

    743KB

    MD5

    418e443e34b64656124e091670d0f9a3

    SHA1

    10660bffc4e0bdcfe7dee9bf2e9fe2c7da5831a6

    SHA256

    263ca0aa7112f7a6ab418592644aaa5e8d7d489c0273b44a4a4ef863dce6ac76

    SHA512

    28c5c935084ad1dea9ce478754bc1b0c9a1a747ebeb2964520fc49de506a28e23ee9352b2ec0c947a3472b25f47fd66df55f949e1b7999632a15c70879c7286f

  • memory/1040-13-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

  • memory/1040-24-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

  • memory/2332-3-0x0000000001000000-0x00000000010C1400-memory.dmp

    Filesize

    773KB

  • memory/2332-25-0x0000000001000000-0x00000000010C1400-memory.dmp

    Filesize

    773KB

  • memory/2888-20-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

  • memory/2888-27-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

  • memory/2888-29-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB
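The process tree and the dropped-file hashes above give a hunter four concrete things to look for on other hosts: the sample and Server.exe hashes, a payload running out of %TEMP%\IXP000.TMP (the directory an IExpress self-extracting package unpacks into), cmd /c running a .bat placed directly in C:\Windows, and an executable (caikong.exe) sitting in the C:\Windows root rather than a subfolder. The script below is an added example, not part of the sandbox output: it encodes those observations as rules over Sysmon-style process-creation records and runs them against a constructed event list that mirrors the report's tree. The parent images, the benign control event, the ProcEvent shape and the allowlist of legitimate C:\Windows-root binaries are assumptions; the report does not show the Run key value, so no rule keys on it.

```python
"""Hunt for this report's artefacts in Sysmon-style process-creation events.
Added example, not sandbox output. Events below are constructed to mirror the
report's process tree; parents, the control event and the allowlist are assumed."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Dropped-file SHA256s from the report's "Downloads" section, plus the sample's own.
DROPPED_SHA256 = {
    "b46da5e666a34856e6f9763f5bef2a4879b4d33f42ea1727be44a84e76fc8e5e": r"C:\Windows\uninstal.bat",
    "263ca0aa7112f7a6ab418592644aaa5e8d7d489c0273b44a4a4ef863dce6ac76": r"IXP000.TMP\Server.exe",
}
SAMPLE_SHA256 = "a6cbc79a7bc2e01e1a12b3bbbcd8b4e7b17e2a342ed26d01145b006c50a46484"

# IExpress self-extracting packages unpack to %TEMP%\IXPnnn.TMP before running
# their payload; the report's Server.exe lives in exactly such a directory.
IXP_TEMP = re.compile(r"\\AppData\\Local\\Temp\\IXP\d{3}\.TMP\\", re.I)
# An executable directly in C:\Windows (not a subfolder), as caikong.exe is.
WINDIR_EXE = re.compile(r"^C:\\Windows\\([^\\]+\.exe)$", re.I)
# cmd running a batch file that sits directly in C:\Windows (the uninstal.bat step).
CMD_BAT_IN_WINDIR = re.compile(r'^"?cmd(\.exe)?"?\s+/c\s+C:\\Windows\\[^\\]+\.bat$', re.I)

# Assumed baseline of binaries that legitimately live in the C:\Windows root on
# Windows 7; tune it against a clean image of the build you actually monitor.
WINDIR_ROOT_ALLOWLIST = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe",
                         "write.exe", "winhlp32.exe", "splwow64.exe", "bfsvc.exe",
                         "helppane.exe"}


@dataclass
class ProcEvent:
    """Minimal process-creation record (assumed shape, Sysmon Event ID 1 style)."""
    pid: int
    image: str
    cmdline: str
    parent_image: str
    sha256: str = ""


def classify(ev: ProcEvent) -> List[str]:
    """Return the names of every rule the event matches (empty list if clean)."""
    hits: List[str] = []
    digest = ev.sha256.lower()
    if digest and (digest in DROPPED_SHA256 or digest == SAMPLE_SHA256):
        hits.append("known-hash")
    if IXP_TEMP.search(ev.image):
        hits.append("iexpress-extract-dir")
    m = WINDIR_EXE.match(ev.image)
    if m and m.group(1).lower() not in WINDIR_ROOT_ALLOWLIST:
        hits.append("exe-in-windows-root")
    if CMD_BAT_IN_WINDIR.match(ev.cmdline.strip()):
        hits.append("cmd-bat-in-windows-root")
    return hits


def hunt(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Map each PID that fired at least one rule to the rule names."""
    result: Dict[int, List[str]] = {}
    for ev in events:
        hits = classify(ev)
        if hits:
            result[ev.pid] = hits
    return result


# Constructed events mirroring the report's tree (PIDs and paths from the report;
# parent images and the notepad control are assumptions).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\43399001a5d874ba3fa4c289d7033eed_JaffaCakes118.exe"
SERVER = r"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe"
CAIKONG = r"C:\Windows\caikong.exe"
EXPLORER = r"C:\Windows\explorer.exe"  # assumed parent; the report does not show it

EVENTS = [
    ProcEvent(2332, SAMPLE, f'"{SAMPLE}"', EXPLORER, SAMPLE_SHA256),
    ProcEvent(1040, SERVER, SERVER, SAMPLE,
              "263ca0aa7112f7a6ab418592644aaa5e8d7d489c0273b44a4a4ef863dce6ac76"),
    ProcEvent(2880, r"C:\Windows\SysWOW64\cmd.exe", r"cmd /c C:\Windows\uninstal.bat", SERVER),
    ProcEvent(2888, CAIKONG, CAIKONG, EXPLORER),
    ProcEvent(2844, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE"', CAIKONG),
    # Benign control: a legitimate Windows-root binary must not fire any rule.
    ProcEvent(3100, r"C:\Windows\notepad.exe", "notepad.exe", EXPLORER),
]

if __name__ == "__main__":
    for pid, hits in hunt(EVENTS).items():
        print(pid, ", ".join(hits))
```

Against the constructed events, PIDs 2332, 1040, 2880 and 2888 fire and the IEXPLORE.EXE child and the notepad control stay quiet. The hash rule is exact and brittle (any rebuild of the dropper defeats it); the three path rules are the ones worth keeping in a SIEM, after checking the C:\Windows-root allowlist against your own gold image so that legitimate binaries there do not become noise.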