Analysis

  • max time kernel
    16s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-07-2024 10:21

General

  • Target
    4566a0335e88e607bdc80854bd7c18b8_JaffaCakes118.exe
  • Size
    1.2MB
  • MD5
    4566a0335e88e607bdc80854bd7c18b8
  • SHA1
    67776f23067b094919e2649678efab9ea5561741
  • SHA256
    ccbde413a1b675fbf1d5fa0c628312c2abd9609ab0055e1174fbe13c5e04dae5
  • SHA512
    b9bb4a358056a9c4592ebf038c203ab9ea8435d0d08f90724edfa156e4b668530942ce425d9b5961122212e167e5eb9a5d2b51b2647984a66fc80dcc1fc1ae03
  • SSDEEP
    24576:wHshkdggBuYDi92N5ffXfVjFUJwmNOHdwcpBeCrYu0xH4erIWBHEQMV/XMO67Y/:P6NTc2fftjYnYM0YV4U2tB

Score
7/10

Signatures

  • Executes dropped EXE 1 IoCs
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1208
      • C:\Users\Admin\AppData\Local\Temp\4566a0335e88e607bdc80854bd7c18b8_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\4566a0335e88e607bdc80854bd7c18b8_JaffaCakes118.exe"
        2⤵
        • Identifies Wine through registry keys
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1092
        • C:\Windows\SysWOW64\WinRoot32.exe
          C:\Windows\system32\WinRoot32.exe
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1844

Downloads

  • C:\Windows\SysWOW64\WinRoot32.exe
    Filesize: 28KB
    MD5: 6a9632f77ce1ec39313103955d76ba24
    SHA1: 64275283b30cf306b0dc6123b5477c9f818216c4
    SHA256: b23bcd6024d5c072d55dcb8035f2a0cd924340a84cde79902b4ab85628743202
    SHA512: ef82109e9b04552997bc86a435041439c5dc57b3767c3c6c9c0792cbc1437fa1183c9829b8c35d85d5ee8bbb815a52f807a8c7dfd26a72985bd073233fb7a425
  • memory/1092-16-0x0000000000400000-0x0000000000534000-memory.dmp (Filesize: 1.2MB)
  • memory/1092-1-0x0000000000540000-0x0000000000639000-memory.dmp (Filesize: 996KB)
  • memory/1092-5-0x0000000000401000-0x0000000000405000-memory.dmp (Filesize: 16KB)
  • memory/1092-6-0x0000000000400000-0x0000000000534000-memory.dmp (Filesize: 1.2MB)
  • memory/1092-2-0x0000000000260000-0x0000000000261000-memory.dmp (Filesize: 4KB)
  • memory/1092-0-0x0000000000400000-0x0000000000534000-memory.dmp (Filesize: 1.2MB)
  • memory/1092-41-0x0000000000401000-0x0000000000405000-memory.dmp (Filesize: 16KB)
  • memory/1092-40-0x0000000000400000-0x0000000000534000-memory.dmp (Filesize: 1.2MB)
  • memory/1208-19-0x000000007FFF0000-0x000000007FFF1000-memory.dmp (Filesize: 4KB)
  • memory/1208-26-0x000000007EFC0000-0x000000007EFC6000-memory.dmp (Filesize: 24KB)
  • memory/1844-22-0x0000000000400000-0x0000000000409000-memory.dmp (Filesize: 36KB)
  • memory/1844-38-0x0000000010000000-0x0000000010011000-memory.dmp (Filesize: 68KB)