Overview

overview

7

Static

static

3

4ce183df03...18.exe

windows7-x64

7

4ce183df03...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/07/2024, 04:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ce183df03d9564fe99bfc50793398ce_JaffaCakes118.exe

  • Size

    620KB

  • MD5

    4ce183df03d9564fe99bfc50793398ce

  • SHA1

    4d2085b5ffab0b8bfbe7bb3726f96f90f1a832de

  • SHA256

    913084a5e4351ee9f1297d5eb1535b56e9e5b427b7da564977897aa4647f5955

  • SHA512

    a5363a1dcacf854c0f5ef5392d5b4e76466efaeafe9a13c5ecdd39ed4d9357941ab36255649822b92b9ef710cefd9ccf4c67c018a6f9690f8b32433123cd68d7

  • SSDEEP

    12288:q858R0hBq99K7CXEBKF2F3Z4mxx+OxTnf2Cc6FqVHqq4:r20Go7/MF2QmXFV7c6EVHqq4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ce183df03d9564fe99bfc50793398ce_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4ce183df03d9564fe99bfc50793398ce_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4416
    • C:\Program Files\Common Files\Microsoft Shared\MSINFO\Server.exe
      "C:\Program Files\Common Files\Microsoft Shared\MSINFO\Server.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:4188
      • C:\Windows\SysWOW64\calc.exe
        "C:\Windows\system32\calc.exe"
        3⤵
          PID:3504
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 12
            4⤵
            • Program crash
            PID:3972
        • C:\program files\internet explorer\IEXPLORE.EXE
          "C:\program files\internet explorer\IEXPLORE.EXE"
          3⤵
            PID:2936
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 700
            3⤵
            • Program crash
            PID:3988
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat""
          2⤵
            PID:1868
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3504 -ip 3504
          1⤵
            PID:920
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4188 -ip 4188
            1⤵
              PID:116

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat
              Filesize

              212B

              MD5

              bdaadb76fd55f35a34abf5c2b61395e2

              SHA1

              d180680ad04c9c5a28410dd9b6b9f6309b304475

              SHA256

              306d9ae60efd826e7bc6516db6dd1f4231860531b830c3a2c800674e8c84758a

              SHA512

              ba41ce60838a2cd4126643ebe4946ef2d0e86d151694dd33b413fdc48a3523a96d869599d54d3c9ca327609e2b375ac28b011bf203fa3f08ca7f1127f186f607

              Download Submit

            • C:\Program Files\Common Files\microsoft shared\MSInfo\Server.exe
              Filesize

              620KB

              MD5

              4ce183df03d9564fe99bfc50793398ce

              SHA1

              4d2085b5ffab0b8bfbe7bb3726f96f90f1a832de

              SHA256

              913084a5e4351ee9f1297d5eb1535b56e9e5b427b7da564977897aa4647f5955

              SHA512

              a5363a1dcacf854c0f5ef5392d5b4e76466efaeafe9a13c5ecdd39ed4d9357941ab36255649822b92b9ef710cefd9ccf4c67c018a6f9690f8b32433123cd68d7

              Download Submit

            • memory/3504-48-0x0000000000400000-0x0000000000516000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/4188-55-0x0000000000400000-0x0000000000516000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/4188-44-0x0000000000400000-0x0000000000516000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/4416-21-0x0000000003590000-0x0000000003591000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-17-0x00000000034A0000-0x00000000034A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-34-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-33-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-38-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-32-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-31-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-30-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-29-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-28-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-27-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-25-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-39-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-26-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-24-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-22-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-23-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-0-0x0000000000400000-0x0000000000516000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/4416-20-0x0000000003590000-0x0000000003591000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-19-0x0000000003590000-0x0000000003591000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-18-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-35-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-16-0x00000000034A0000-0x00000000034A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-15-0x00000000034A0000-0x00000000034A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-14-0x00000000034A0000-0x00000000034A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-13-0x00000000034A0000-0x00000000034A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-12-0x00000000034A0000-0x00000000034A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-11-0x00000000034A0000-0x00000000034A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-9-0x0000000002530000-0x0000000002531000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-6-0x0000000002390000-0x0000000002391000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-5-0x00000000023A0000-0x00000000023A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-4-0x0000000002520000-0x0000000002521000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-3-0x00000000024D0000-0x00000000024D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-7-0x0000000002510000-0x0000000002511000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-2-0x00000000024F0000-0x00000000024F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-36-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-37-0x0000000003490000-0x0000000003491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-10-0x00000000024C0000-0x00000000024C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-52-0x0000000000400000-0x0000000000516000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/4416-53-0x00000000022E0000-0x0000000002334000-memory.dmp

              Filesize

              336KB

              Download

            • memory/4416-8-0x0000000002500000-0x0000000002501000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4416-1-0x00000000022E0000-0x0000000002334000-memory.dmp

              Filesize

              336KB

              Download