Overview

overview

7

Static

static

3

483483ce7e...18.exe

windows7-x64

7

483483ce7e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 04:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    483483ce7e588fe81a7bd465cf153d3a_JaffaCakes118.exe

  • Size

    18KB

  • MD5

    483483ce7e588fe81a7bd465cf153d3a

  • SHA1

    ecd66b4caead835db9b89f5c35822396376c1d84

  • SHA256

    b332eb52aec5711a2456c51ec74ca3f53c0764d377cd7f1ef6ec4d6739b53f8b

  • SHA512

    32af7bec33d385ecad64e75cc7a35c1bed9cb5b9ee7127031fcf6daa0ea6ff0bab0700b6c481f94d41f87c497b4a508c59a2c3f65aa1d8d5a900a9b3d5c59145

  • SSDEEP

    384:FrHKdQpmZVIAgKxwWI8GVF0/zFopV5WeMkJ05HBj300:ZoQpmnIAXsVFjpV5NMmq

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1256
      • C:\Users\Admin\AppData\Local\Temp\483483ce7e588fe81a7bd465cf153d3a_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\483483ce7e588fe81a7bd465cf153d3a_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2904

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Windows\SysWOW64\cmdbcs.dll
      Filesize

      31KB

      MD5

      02bb84e23e092792919da6a818c445f6

      SHA1

      2b49bd09c9998444e6a6144f23ed6b8804fde957

      SHA256

      f7b203d2221f096bbb7ef12850695409b103edfd0f64e28fad466a79886f6384

      SHA512

      cd3786dfb864f6270c89c127d9e6921c6bf89757f3cf8620aea0ba78b9e6e566dd1c290cb6bb0ceb380685b63587d8503429e3e4686c078e84dcbb0cf160834d

      Download Submit

    • memory/1256-3-0x0000000002490000-0x0000000002491000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2904-0-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    • memory/2904-9-0x0000000076531000-0x0000000076532000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2904-10-0x0000000010000000-0x000000001000B000-memory.dmp

      Filesize

      44KB

      Download