Overview

overview

7

Static

static

3

44c31ff4c9...18.exe

windows7-x64

7

44c31ff4c9...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 06:52 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    44c31ff4c91dbf587a94564ad44d5077_JaffaCakes118.exe

  • Size

    316KB

  • MD5

    44c31ff4c91dbf587a94564ad44d5077

  • SHA1

    91168e4c8b9849252725b19bbc4e76f39379b483

  • SHA256

    d0bd7eb76619e0d14254fa3ff3172c7bd0b5078f5d58c9e2c3131b4561d6fb3d

  • SHA512

    7a96d2a41c5dfe0e6c667b2ff2741a084e0ba105f7f7da05c2b6eabe315ca6cef821996d278ae4ddab663929f8e64ccb891517ba50fd467aaf26db297e1c2376

  • SSDEEP

    6144:5JF4z+Jq3Ntu+FWkFip1HaTTirGWpC5mO8ij3KIz:94z19dfFib6Ti5o7KIz

Score
7/10
persistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\44c31ff4c91dbf587a94564ad44d5077_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\44c31ff4c91dbf587a94564ad44d5077_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\ProgramData\bIkJlIjPkJb24512\bIkJlIjPkJb24512.exe
      "C:\ProgramData\bIkJlIjPkJb24512\bIkJlIjPkJb24512.exe" "C:\Users\Admin\AppData\Local\Temp\44c31ff4c91dbf587a94564ad44d5077_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2688

Network

    No results found
  • 194.28.113.214:80
    44c31ff4c91dbf587a94564ad44d5077_JaffaCakes118.exe
    152 B
     3
  • 69.50.195.77:80
    bIkJlIjPkJb24512.exe
    152 B
     3
  • 194.28.113.214:80
    44c31ff4c91dbf587a94564ad44d5077_JaffaCakes118.exe
    152 B
     3
  • 69.50.195.77:80
    bIkJlIjPkJb24512.exe
    152 B
     3
  • 194.28.113.214:80
    44c31ff4c91dbf587a94564ad44d5077_JaffaCakes118.exe
    152 B
     3
  • 69.50.209.220:80
    bIkJlIjPkJb24512.exe
    52 B
     1
  • 69.50.209.220:80
    bIkJlIjPkJb24512.exe
    152 B
     3
  • 194.28.113.214:80
    44c31ff4c91dbf587a94564ad44d5077_JaffaCakes118.exe
    152 B
     3
  • 69.50.209.220:80
    bIkJlIjPkJb24512.exe
    152 B
     3
  • 194.28.113.214:80
    44c31ff4c91dbf587a94564ad44d5077_JaffaCakes118.exe
    152 B
     3
  • 194.28.113.214:80
    44c31ff4c91dbf587a94564ad44d5077_JaffaCakes118.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\bIkJlIjPkJb24512\bIkJlIjPkJb24512.exe
    Filesize

    316KB

    MD5

    ce9634edc6ede8034edb637d8c863e04

    SHA1

    1244976449b7a269c8e6b90002e81302f34bb148

    SHA256

    a7709f75d1832f0e434b05dd1d9732478bbca047fe8c991538f32eb09ac26977

    SHA512

    4e38294e4e6b5a823938f6e90cfbe29d2716fdc3bef9de4c84ec9bcd1f0b1bf096ba37d73d04308b6f1bcfbb36490d52e6de608e3b756d78db3c41bd671c7f05

    Download Submit

  • memory/2136-6-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2136-5-0x0000000000403000-0x0000000000404000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2136-2-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2136-0-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2136-10-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2136-68-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2688-25-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2688-24-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2688-29-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2688-44-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.