Overview

overview

10

Static

static

3

4810616fff...18.exe

windows7-x64

10

4810616fff...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-07-2024 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4810616fffc09fee02fe74dcd2a815a5_JaffaCakes118.exe

  • Size

    160KB

  • MD5

    4810616fffc09fee02fe74dcd2a815a5

  • SHA1

    cafd4549db343f3b42d79c0dcba28405e89e0d60

  • SHA256

    43e69a979948cb04d3c6b44a2d02b14f12f46585c4190f024b0eb36b11910396

  • SHA512

    bb0f45e19501072460a923e2e1b1c9c8c1569c21abc32d2d77ce46957c6bf5d686e2602d7bbdb7b40edacec497e6962c5732217080dde68d9db47e82eb1f2ba6

  • SSDEEP

    1536:jkASntsE4/sJn3jFuMi/gCM3HUoTRHrhkXzX25DmQFZil0Bkdf:jkASntOgnTFE/gXHVTRHauDmQil0I

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Drops file in Program Files directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Modifies registry class 53 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4810616fffc09fee02fe74dcd2a815a5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4810616fffc09fee02fe74dcd2a815a5_JaffaCakes118.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4280
    • C:\Users\Admin\AppData\Local\Temp\4810616fffc09fee02fe74dcd2a815a5_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\4810616fffc09fee02fe74dcd2a815a5_JaffaCakes118.exe
      2⤵
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      PID:4908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.url
    Filesize

    156B

    MD5

    634e6674303cde2758e454e720db3cd0

    SHA1

    c371127f5767eff47aa3fedcf354c98cef77c646

    SHA256

    07893e9a6d35f09e1bfdd0a7d7400fc6ecd93524521c254c9fae112bac7d61bc

    SHA512

    21afe751659274b067b0a0d1d48d679a703e1820f497c386aab3248896f4e26415d2a729c1a474c60e1e5dfdd21f3501eb84b9f38596540c96df0de9855c0992

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ÌÔ±¦-¹ºÎï.url
    Filesize

    160B

    MD5

    f589662b0e1f342a86486f47a90481d4

    SHA1

    bcabcf97418807f34bf42ffd66e0255cb3fc1d33

    SHA256

    b6794638644f7bb04633183a7a1ab0c8f33e946b3d43dcfe60377ba33c1ac435

    SHA512

    7c3da4b548cf54f3cf38ad385faa31d71efc08c05ac309c35e21f5e55406758d9a5f96578c17dc151d8d8945650aaa0c3018c6cf7c5678839e20bf0ad0ea05b2

    Download Submit

  • memory/4280-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4280-18-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4908-16-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4908-17-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download