Overview

overview

7

Static

static

3

5a9802a334...18.exe

windows7-x64

7

5a9802a334...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 05:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a9802a334cfe538cb555e3104eae0f5_JaffaCakes118.exe

  • Size

    691KB

  • MD5

    5a9802a334cfe538cb555e3104eae0f5

  • SHA1

    4331a0545dbe44d18a002f117743e5e824a36a86

  • SHA256

    10c13991c1a80e12eb133fe71677a60afb37a9ac0583455fb16997b77ddd459e

  • SHA512

    a6b251cb9383e700d62fdad2b60b932c0a16d5157bb85afb42159988c1492009e38902739698f638e53b7b63ce17bdd10e56adc5fbfd5c649e91420437f14152

  • SSDEEP

    12288:6T+2Sn7kkdfjNX4AH6NiCyTB01eu5dF3Z4mxxcWz8eH7ZUveuOLOIq:6TJUH6NiCyTBc9dQmX7zvaWuOL5q

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a9802a334cfe538cb555e3104eae0f5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5a9802a334cfe538cb555e3104eae0f5_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2752
  • C:\Windows\Hacker.com.cn.exe
    C:\Windows\Hacker.com.cn.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2668

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
      Filesize

      788KB

      MD5

      c4948695d13933c2bf43d2951672587d

      SHA1

      5d5f6e35de4b9af76c777fd4104c176b3f9c45be

      SHA256

      9f82f34b2f0614639d420024a87dadb52ed58965400b8c69ce25f5e9ce9c4383

      SHA512

      33ace781bb5b63995cebc820bf589e9539bb66308d816a9fc8d71fefdfa25807e9cdcf0cc90eca12de7499cdf6451b1c812b7a52b6c8763bcd5b2d1804bdbffa

      Download Submit

    • memory/1680-0-0x0000000001000000-0x0000000001112000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1680-1-0x00000000002A0000-0x00000000002F4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/1680-5-0x00000000001E0000-0x00000000001E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-9-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-8-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-7-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-6-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-4-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-3-0x0000000000200000-0x0000000000201000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-2-0x0000000000300000-0x0000000000301000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-31-0x0000000000D90000-0x0000000000D91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-56-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-55-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-54-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-53-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-52-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-51-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-50-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-49-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-48-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-47-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-46-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-45-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-44-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-43-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-42-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-41-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-40-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-39-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-38-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-37-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-36-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-35-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-34-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-33-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-32-0x0000000000D80000-0x0000000000D81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-30-0x0000000000D20000-0x0000000000D21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-29-0x0000000000D30000-0x0000000000D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-28-0x0000000000D50000-0x0000000000D51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-27-0x0000000000D70000-0x0000000000D71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-26-0x0000000000380000-0x0000000000381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-25-0x0000000000D00000-0x0000000000D01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-24-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-23-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-22-0x0000000000360000-0x0000000000361000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-21-0x0000000000370000-0x0000000000371000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-20-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-19-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-18-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-17-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-16-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-15-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-14-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-13-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-12-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-11-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-10-0x0000000000340000-0x0000000000341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1680-74-0x0000000001000000-0x0000000001112000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1680-73-0x00000000002A0000-0x00000000002F4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2752-71-0x0000000000400000-0x00000000004CE000-memory.dmp

      Filesize

      824KB

      Download

    • memory/2804-75-0x0000000000400000-0x00000000004CE000-memory.dmp

      Filesize

      824KB

      Download

    • memory/2804-80-0x0000000000400000-0x00000000004CE000-memory.dmp

      Filesize

      824KB

      Download