Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-07-2024 09:07

General

  • Target

    5b48a26b6fd4dfd153fc64d7939cd7f6_JaffaCakes118.exe

  • Size

    240KB

  • MD5

    5b48a26b6fd4dfd153fc64d7939cd7f6

  • SHA1

    be73425215a7012cdb167553bbf60c5d99c5567f

  • SHA256

    84abfda09efe8c84e4d64af4e528aad92e09978d8e245c78679882a9b049ef9e

  • SHA512

    16f803ef2ea6f2758d91b3512438b516fd2e34d6cb54d287f86b5e4cb0c8804747030037013b0a3eb5471c99636bf0757dd72e849ce53cd9401b7c31ff7a52f8

  • SSDEEP

    6144:sUi3dwqsNwemAB0EqxF6snji81RUinKchhy+S3n:YdQQJsZ3

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b48a26b6fd4dfd153fc64d7939cd7f6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5b48a26b6fd4dfd153fc64d7939cd7f6_JaffaCakes118.exe"
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Users\Admin\koxer.exe
      "C:\Users\Admin\koxer.exe"
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2304

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\koxer.exe

    Filesize

    240KB

    MD5

    d7046c4a7cd137ee544c87b5c27ff1d1

    SHA1

    691edc672312b1e7862ca0ed01cb481ab0a5ccf3

    SHA256

    7341ef52285f8593e82111fe73a6a75ce9bdb2d89d96fbe14282e31361548a2a

    SHA512

    e9771002d8b23cffc9c0e1c7235d5370a8adfbbcc96d8461cf46f15bceeb9cf92f89e97f71a4e4f4b05d74b84e767212edba3b74a31d74db00f780fc7ef3abb3