Overview

overview

10

Static

static

3

5d39c478f0...18.exe

windows7-x64

10

5d39c478f0...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 18:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5d39c478f0145bb812ab8e15ca27776e_JaffaCakes118.exe

  • Size

    151KB

  • MD5

    5d39c478f0145bb812ab8e15ca27776e

  • SHA1

    e51d5ce3c3bc6d01eaf111256638c81c08d68a88

  • SHA256

    f9d2b4e309b44bd27eaa1e96c742a920005ee413d78bfadcede266eac1b6630f

  • SHA512

    f7881b6f346f738af0ed16d9e2fea5a2961fd6b693ace83c5a641e4d2f5545a67d299c57f482f556eca7792e2351ec7fd8d8fefbe31fa7cd36300ccef8cdf06c

  • SSDEEP

    1536:RWn4kas/dkOHV/CQt2IP2Wce3ZPDobiUvrxkaSv5uCO8vGiXRsT3LPaVZ11h2lKx:RA4QkwFtd+WceJPUvruuH7PaVjZ9CjA

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d39c478f0145bb812ab8e15ca27776e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5d39c478f0145bb812ab8e15ca27776e_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Modifies visiblity of hidden/system files in Explorer
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:328

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\autorun.inf
          Filesize

          126B

          MD5

          163e20cbccefcdd42f46e43a94173c46

          SHA1

          4c7b5048e8608e2a75799e00ecf1bbb4773279ae

          SHA256

          7780bee9df142a17e0457f3dcb2788b50fc2792370089335597d33719126fb7e

          SHA512

          e5ac0ff6b087857799ab70f68067c9dc73eeb93ccfcad87047052380b95ade3e6eb2a7d01a0f850d548a39f4b1ebb60e299d603dbe25c31b9a3585b34a0c65a8

          Download Submit

        • C:\zPharaoh.exe
          Filesize

          152KB

          MD5

          265f25a8d425c3d57a9a1eee3d494199

          SHA1

          130aa27e082b055f7cc2c5d2c281d52405c72684

          SHA256

          b8e973021b4c014d15c3858f6bd6b240c97c8d5b6153ec3b85c30e9e3ee079f3

          SHA512

          ef80ee1e9e2201588bf62f010cecdf66707f062b7abec14de6ef83a83467f9c08763012a3a4258c93dc649a5136517f0f6cd7827ab55e020eb7304f57ae64121

          Download Submit

        • F:\zPharaoh.exe
          Filesize

          152KB

          MD5

          3c2f2784d8feef13d1520b755a61f829

          SHA1

          9a004f2bd43feba95b1845bbf592fd10681b08af

          SHA256

          f37627e3141926b2763a8a241e3897130563f29ca0b8085db35cc9eb768a3dcb

          SHA512

          5c3346e71df9893d1bd2cabfe25081ae33401659488a24751df7c38297e5cf606dbf0d2e73209def96b21002e4613386b40dd09507246fa614b972a6a905d915

          Download Submit

        • memory/328-0-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/328-30-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download