Overview

overview

7

Static

static

7

59d3ed4cac...18.exe

windows7-x64

7

59d3ed4cac...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2024 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59d3ed4caced565b0e1041581350cbd5_JaffaCakes118.exe

  • Size

    314KB

  • MD5

    59d3ed4caced565b0e1041581350cbd5

  • SHA1

    f5b8728aa766ee090d0cb97b7e7fbe26664d3b27

  • SHA256

    bf0980310e53af2ee700281132d015f3491675f4a0c9d7e1d3147def3d05e3af

  • SHA512

    54b284ab7b91b89e5ec708d8796fa51cb1eb4237c28df254216bdbd0805a8613450b61e984728d777bc03703ed938d27081ad25b65ca244ba71f91d574000e9f

  • SSDEEP

    6144:ElZ/zUMu4pDSxsCMRzf7x3SfS1JAzXBtL76lpI4wz9JjL:EHLUMuiv9RgfSjAzRtyOJjL

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3436
      • C:\Users\Admin\AppData\Local\Temp\59d3ed4caced565b0e1041581350cbd5_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\59d3ed4caced565b0e1041581350cbd5_JaffaCakes118.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:932
        • C:\Users\Admin\AppData\Local\Temp\server.exe
          C:\Users\Admin\AppData\Local\Temp/server.exe
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:396

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\server.exe
      Filesize

      29KB

      MD5

      bcb728d1834da27726012fff2b8ca38e

      SHA1

      14a0e415507f701392f773734970fe8c38536fe4

      SHA256

      fc0a745e2da9ff8fe3672fb98f894af040e2382d6bdef6334e482324c64b0455

      SHA512

      8841588f5aaa8cc3a762707068b88ca25653b2715fa426813086b33afb52e3c70addef40cb97b02a6b09408e0d2d1a77b367e5c99a88a81edcf8071f2691bfb5

      Download Submit

    • memory/396-9-0x0000000000400000-0x00000000004083A0-memory.dmp

      Filesize

      32KB

      Download

    • memory/396-12-0x0000000010000000-0x0000000010012000-memory.dmp

      Filesize

      72KB

      Download

    • memory/396-17-0x0000000010000000-0x0000000010012000-memory.dmp

      Filesize

      72KB

      Download

    • memory/932-0-0x0000000000400000-0x00000000004B8000-memory.dmp

      Filesize

      736KB

      Download

    • memory/932-11-0x0000000000400000-0x00000000004B8000-memory.dmp

      Filesize

      736KB

      Download

    • memory/3436-13-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/3436-14-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

      Filesize

      4KB

      Download