Overview

overview

8

Static

static

1

5d175b6970...18.exe

windows7-x64

8

5d175b6970...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 18:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d175b69708ca9018015a8c70b6f4f06_JaffaCakes118.exe

  • Size

    65KB

  • MD5

    5d175b69708ca9018015a8c70b6f4f06

  • SHA1

    8fc13c53ac7980e93d35f97f6a3b30106d165930

  • SHA256

    d6a680360610f916a8763de2003f54886cbafa0b7114b8550cceff788466f094

  • SHA512

    79cdbcf0b3af5f6149d8ad377532ce11bcd364346506a49d4ceae13b34da86d86f92a9dda53f1741792856153e63f9b0a715dd53d0279ad60d29aafba29d2b5f

  • SSDEEP

    768:fwUUnDDUCFSxcXgy/jT5GKu826WGOtDMXvgWHSBtEn5+6FmVtqLjC1oBZJX5naRM:XoUigy/X1huDMDRn1qAdBZJkaWW/L

Score
8/10
persistence

Malware Config

Signatures

  • Server Software Component: Terminal Services DLL 1 TTPs 6 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d175b69708ca9018015a8c70b6f4f06_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5d175b69708ca9018015a8c70b6f4f06_JaffaCakes118.exe"
    1⤵
    • Server Software Component: Terminal Services DLL
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:3028
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -kcpquub
    1⤵
    • Server Software Component: Terminal Services DLL
    • Deletes itself
    • Loads dropped DLL
    PID:2904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\xbylcv.dll
    Filesize

    44KB

    MD5

    2406cfbf97de41766814f0f0d29063cc

    SHA1

    437ab3d82dbcd3ee6c0688886d46764e95c52edd

    SHA256

    a9133c3c161ab109f0c23cb6d2291a631664f8accb8a51ef94e36ab1d837f122

    SHA512

    1475c78462776c1b5ed906b85d4a6d84387d8fd22c47d5554ac18a451d0a0142ead2096000a75fc97daa6a5505f8503559067982f584c9112c0d9d8c60e4ebf1

    Download Submit

  • memory/2904-15-0x00000000009E0000-0x0000000000A8C000-memory.dmp

    Filesize

    688KB

    Download

  • memory/2904-18-0x0000000010000000-0x000000001001D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2904-13-0x0000000000550000-0x00000000005F0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2904-16-0x0000000010000000-0x000000001001D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2904-17-0x00000000003D0000-0x00000000003D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2904-14-0x0000000000360000-0x00000000003B7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/3028-6-0x0000000000360000-0x0000000000400000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3028-12-0x0000000000400000-0x0000000000406200-memory.dmp

    Filesize

    24KB

    Download

  • memory/3028-9-0x0000000000520000-0x0000000000522000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3028-8-0x0000000001EC0000-0x0000000001F6C000-memory.dmp

    Filesize

    688KB

    Download

  • memory/3028-7-0x0000000001E60000-0x0000000001EB7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/3028-0-0x0000000000400000-0x0000000000406200-memory.dmp

    Filesize

    24KB

    Download

  • memory/3028-5-0x0000000010000000-0x000000001001D000-memory.dmp

    Filesize

    116KB

    Download