Overview

overview

7

Static

static

3

4db5a25286...18.exe

windows7-x64

7

4db5a25286...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    93s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-07-2024 09:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4db5a25286610d5fe027116fffdc1a4e_JaffaCakes118.exe

  • Size

    456KB

  • MD5

    4db5a25286610d5fe027116fffdc1a4e

  • SHA1

    94ca8285a469f22d523f28162b3c3d81b4a1a529

  • SHA256

    17fe35d1dcbd4520e9557269bb44481135e6f614750365e4fba789de7eedcb34

  • SHA512

    06b803afefb968d0217975d5d074515b69257aa678c15820759864c02e2ffbd106f1bfed7d92f317d65b673197b3b9938de4f848ced3bf004679e5c9ca965458

  • SSDEEP

    3072:4tZYmy5Jk7dRz1iASs/rYo752KsCp7a/EliKxfJkxbPL1dypZQaSJVr+1Oj:eYmy5JmRz1iAJByGxw1dy7QaSDrY

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4db5a25286610d5fe027116fffdc1a4e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4db5a25286610d5fe027116fffdc1a4e_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4340
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\\MoveFile.bat
      2⤵
      • Enumerates connected drives
      • Suspicious use of WriteProcessMemory
      PID:3408
      • C:\Windows\SysWOW64\PING.EXE
        ping -a 127.1
        3⤵
        • Runs ping.exe
        PID:3220
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.1
        3⤵
        • Runs ping.exe
        PID:2292

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MoveFile.bat
    Filesize

    303B

    MD5

    049dde06b68aa233397d7f3920d99f87

    SHA1

    b390ccd3ce21fee479347aafdc2c1f7376c35195

    SHA256

    3baef4bd14ce9bc9dd1947c17817ae2d1e02820036ef01bd823cd4254afd36ae

    SHA512

    1d3c1fa4b4ff3f45a9d3771bd74de3710e907bdcb540444e057964b91f3f43dc198188657d17f18cf5842e07fd878eb1be3d9096d1f514c61a374f3bffa198a4

    Download Submit

  • memory/4340-0-0x0000000000400000-0x0000000000472000-memory.dmp

    Filesize

    456KB

    Download

  • memory/4340-5-0x0000000000400000-0x0000000000472000-memory.dmp

    Filesize

    456KB

    Download