Overview

overview

7

Static

static

3

4be9848c41...18.exe

windows7-x64

7

4be9848c41...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 23:41 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4be9848c4178e0d30c8acc6e4a161ce4_JaffaCakes118.exe

  • Size

    2.1MB

  • MD5

    4be9848c4178e0d30c8acc6e4a161ce4

  • SHA1

    da5ee0b7573cf4ef3894e396b2aa3a600aae9151

  • SHA256

    b22fceff66fe3e3e699749f7f86cdac12fc6ca773772257673fcb78ab407fa13

  • SHA512

    0a37343d6172eaea0e72c80faabebb205284d092edb9c956696fa858c450c9cc17649a1c8b973c88fb5ca5a74fec542983a4222a9f39cd5a8dae59ae0e8c7736

  • SSDEEP

    49152:o2U7A7Jh5DZdAT/VtvQQLS0R7nPrIApnZf+KEnZHw3JGz8:F3Jh5D/iLS0xTzVh6eA8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4be9848c4178e0d30c8acc6e4a161ce4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4be9848c4178e0d30c8acc6e4a161ce4_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Users\Admin\AppData\Local\Temp\is-5BDLA.tmp\4be9848c4178e0d30c8acc6e4a161ce4_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5BDLA.tmp\4be9848c4178e0d30c8acc6e4a161ce4_JaffaCakes118.tmp" /SL5="$400F2,1863723,52736,C:\Users\Admin\AppData\Local\Temp\4be9848c4178e0d30c8acc6e4a161ce4_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2328

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-5BDLA.tmp\4be9848c4178e0d30c8acc6e4a161ce4_JaffaCakes118.tmp
    Filesize

    679KB

    MD5

    7e32b41e3995f623b0ae8a23e243d3a9

    SHA1

    19fa6db4d66523a22db60ecbb5164e166ac376ab

    SHA256

    2aa076a0bd108bb318b2fc7d9629add79e7b297069aceccf6245f18541114735

    SHA512

    5c7cc113ad033d0c76a018128ae66200d569bc857f3fbdff0ce038ff05ec907816007a18260d3aa2ae4f3bd63de76c11018938a625458c0d0038f6f52c000d9b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-LS89H.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • memory/2328-9-0x0000000000400000-0x00000000004BA000-memory.dmp

    Filesize

    744KB

    Download

  • memory/2328-23-0x0000000000400000-0x00000000004BA000-memory.dmp

    Filesize

    744KB

    Download

  • memory/2860-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2860-2-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2860-22-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.