Overview

overview

7

Static

static

3

5c37f62538...18.exe

windows7-x64

7

5c37f62538...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 13:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5c37f62538c8647b0d468665cfbebb0e_JaffaCakes118.exe

  • Size

    684KB

  • MD5

    5c37f62538c8647b0d468665cfbebb0e

  • SHA1

    d3568984757a0dd2af9f494c648949d0ab118d48

  • SHA256

    f84371debe164427c72924c109c009d85121e5723a704a68e5b84433dbfd34d3

  • SHA512

    3eac285bb400cd369bbe9faa951c92b78fedca1ac5867624934a60ebeafbc01771747baa498ca4ca2e0c191cd59709bc567c836675b7584ea709c1a7c168f53c

  • SSDEEP

    12288:eMrlxGP1kPo2434MmvIPBFI3WTIU3FowZF3Z4mxx+UUq9U9s+K85E:5rlxGtzQhI5a3WMUnZQmX+JKKKP

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c37f62538c8647b0d468665cfbebb0e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5c37f62538c8647b0d468665cfbebb0e_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2836
  • C:\Windows\Hacker.com.cn.exe
    C:\Windows\Hacker.com.cn.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3404
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:4884

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
            Filesize

            744KB

            MD5

            07dd9998db4fc64f70a43cc5b55bf37e

            SHA1

            a6bd9096ae55ac2cb4848c948f004a3a6655626e

            SHA256

            d94e424cd257651862e69dcc09c7f1926fe4004a5c09f9d93045d5891f13cb97

            SHA512

            7154e058da403cf806286564f1af75ae2d735d96c97468febc0db97bcd9540e6e0eb707b0499c84d42237f8c702e84089ec3da62c1d13c4424a05f332f6f9b93

            Download Submit

          • memory/2476-9-0x0000000001000000-0x00000000010BA000-memory.dmp

            Filesize

            744KB

            Download

          • memory/2476-1-0x0000000001063000-0x0000000001064000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2476-3-0x0000000001000000-0x00000000010BA000-memory.dmp

            Filesize

            744KB

            Download

          • memory/2476-4-0x0000000001000000-0x00000000010BA000-memory.dmp

            Filesize

            744KB

            Download

          • memory/2476-5-0x0000000001000000-0x00000000010BA000-memory.dmp

            Filesize

            744KB

            Download

          • memory/2476-0-0x0000000001000000-0x00000000010BA000-memory.dmp

            Filesize

            744KB

            Download

          • memory/2476-2-0x0000000001000000-0x00000000010BA000-memory.dmp

            Filesize

            744KB

            Download

          • memory/2476-12-0x0000000001000000-0x00000000010BA000-memory.dmp

            Filesize

            744KB

            Download

          • memory/2476-21-0x0000000001000000-0x00000000010BA000-memory.dmp

            Filesize

            744KB

            Download

          • memory/2836-15-0x0000000000400000-0x00000000004C2200-memory.dmp

            Filesize

            776KB

            Download

          • memory/3404-18-0x0000000000400000-0x00000000004C2200-memory.dmp

            Filesize

            776KB

            Download

          • memory/3404-22-0x0000000000400000-0x00000000004C2200-memory.dmp

            Filesize

            776KB

            Download