Overview

overview

8

Static

static

3

5a3f73137d...18.exe

windows7-x64

8

5a3f73137d...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2024 03:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a3f73137d4f161e86bb4c9e5d64529d_JaffaCakes118.exe

  • Size

    134KB

  • MD5

    5a3f73137d4f161e86bb4c9e5d64529d

  • SHA1

    7e0b931bec998f385da263407c70656828f13023

  • SHA256

    16e267e9d60c4fbc377c525d8c45c0116d149435fc3f16d45e3fa01579f74de6

  • SHA512

    8cdaaa4eebb030025edd9f0be229b54a0f40c905e9bb9df8ac78be6ba3b1eb95c04bae48857539a81a541b35cb575472972e3f5d224b65736c1971f6e81ec26f

  • SSDEEP

    3072:YAQ0n/T3dRweSmo/c9Ad+8AQdURjzT0hMgFcEEwR:RQ0n/TseQU9yAoFD

Score
8/10
persistence

Malware Config

Signatures

  • Drops file in Drivers directory 32 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a3f73137d4f161e86bb4c9e5d64529d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5a3f73137d4f161e86bb4c9e5d64529d_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:4996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\MicrosoftOperating.exe
    Filesize

    134KB

    MD5

    d7e8908b0ef69040b68720dd2262aaee

    SHA1

    79f173d0074357607df8506697857b2eaf29a9f9

    SHA256

    55bd8cf1354af1f97b868b849168fff6b8eea8a4ebc65e7836e479a1da943f22

    SHA512

    bde3ceec3882c1b1f2059fc2bc84ce25bd5396f45d5f6c29d20696464dfce1cbb5773e5b84661d485c20b16e5a729258e301ef9250876a997e4d5fd6ca728c1b

    Download Submit

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_80203\Platformjava8.0.3810.9.exe
    Filesize

    134KB

    MD5

    5a3f73137d4f161e86bb4c9e5d64529d

    SHA1

    7e0b931bec998f385da263407c70656828f13023

    SHA256

    16e267e9d60c4fbc377c525d8c45c0116d149435fc3f16d45e3fa01579f74de6

    SHA512

    8cdaaa4eebb030025edd9f0be229b54a0f40c905e9bb9df8ac78be6ba3b1eb95c04bae48857539a81a541b35cb575472972e3f5d224b65736c1971f6e81ec26f

    Download Submit

  • memory/4996-0-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/4996-1-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/4996-2-0x00000000005B0000-0x00000000005D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4996-3-0x0000000002220000-0x0000000002221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4996-4-0x000000000041B000-0x0000000000442000-memory.dmp

    Filesize

    156KB

    Download

  • memory/4996-5-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/4996-581-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/4996-583-0x0000000002220000-0x0000000002221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4996-584-0x000000000041B000-0x0000000000442000-memory.dmp

    Filesize

    156KB

    Download