Overview

overview

8

Static

static

3

46bc5106f5...18.exe

windows7-x64

8

46bc5106f5...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14-07-2024 17:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46bc5106f5fe4f052ef7e81e72ef9e00_JaffaCakes118.exe

  • Size

    6.3MB

  • MD5

    46bc5106f5fe4f052ef7e81e72ef9e00

  • SHA1

    9c8d40e37c12ff826fe40bb754a9545540bb5cb4

  • SHA256

    e05b109dfccf2a012f2ca7103698e49716162b3a2167999cbaacb09e4befe26d

  • SHA512

    109eaa056f06c6fd7df04d523a65a1e21501f0b64d1e2089423d09733e9a63d394a4702220d9a1575af17a72ca569302c2908eed7f5b8ae11c1f44d16c868502

  • SSDEEP

    196608:PXY0CVT4ID7vg/w3fmuSyiMNRIdT4OQ4HA:QNVcIDTuw3fmUzRIZnA

Score
8/10
evasion

Malware Config

Signatures

  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 12 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\46bc5106f5fe4f052ef7e81e72ef9e00_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\46bc5106f5fe4f052ef7e81e72ef9e00_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\mp4.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2396
      • C:\Windows\SysWOW64\attrib.exe
        attrib +s +h CONFIG.exe
        3⤵
        • Sets file to hidden
        • Views/modifies file attributes
        PID:2012
      • C:\Windows\SysWOW64\attrib.exe
        attrib +s +h mp4.bat
        3⤵
        • Sets file to hidden
        • Views/modifies file attributes
        PID:1972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\CONFIG.exe
    Filesize

    7.8MB

    MD5

    6689d1437f7955660e6ff092cc31af66

    SHA1

    3dc878925f5bd915c82ff7e616da978ff43cc4af

    SHA256

    f271e8caab4a44a98d9afe125b805ee6d676e07a25524b459414430574521f50

    SHA512

    d7067387dde53985453c4e182ce1de0f17dbd89ff788b61b863ae67a413a85cdca23b7732a3a3d172d71a3b9a70501d97ad1def53adbe77012b6727d0603a113

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mp4.bat
    Filesize

    92B

    MD5

    de663029cbdea0bd94cd7dc80ed25366

    SHA1

    1c20609ac2d662f824cd24b1bed23a6715e8a76d

    SHA256

    8bd168d10029749a35b8bb6e63a8752dc8f21e75ed45c1b4395b8d59b4cc8c75

    SHA512

    7c2771d9e6d1c513427f7f6bf2eed42983a617acddc7e1655b4b56bf69b42c754fcfacc0921e8cd5e9b56d2e733cf7cedb481666801a2a0d0f53ee7de849214c

    Download Submit