Overview

overview

7

Static

static

7

5db7d3ef82...18.exe

windows7-x64

7

5db7d3ef82...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19-07-2024 21:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5db7d3ef8221e3e889ab06a4a6ea62ea_JaffaCakes118.exe

  • Size

    359KB

  • MD5

    5db7d3ef8221e3e889ab06a4a6ea62ea

  • SHA1

    28708fdb108c7d2796ce9d1957e6a530e05e36b1

  • SHA256

    833e1f72f81961936e94afb1eb88f544f1f7eeb4be15bcd42aeaa7924d94664b

  • SHA512

    2712b8bf30f840fc383143f4fff82453f8720fa28c7426a8ef9bc04c00ae73d006a79f5a3736bd92316a0d163cea52c0872262903acd0e09caa9551188a6fb27

  • SSDEEP

    6144:ZgRyiIWQFpUv4/B+FrM144XlzKlUAzYYbuewX79GtPuB8PxwPh79i5s/CoS9iP6V:3iMCv45+uK4VKXknewr9GBY85wPTi5sc

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5db7d3ef8221e3e889ab06a4a6ea62ea_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5db7d3ef8221e3e889ab06a4a6ea62ea_JaffaCakes118.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\GetRightToGo\5db7d3ef8221e3e889ab06a4a6ea62ea_JaffaCakes118.data
    Filesize

    802B

    MD5

    ee0b0522069d800dd4b7298683d3dcc5

    SHA1

    f26f2d5fd03d80bc18164c83d6b72ca5edcf305b

    SHA256

    77961745fe3fb4049028d2d85b3a75f871412a8abbbfe9a0110c4cb8ef980a5c

    SHA512

    61339c2753109a51225c8c38d8948c6b411e13887e6efc736bec439c9d28b6d57ff3f89877be86e3ac4b71a465591089a930d6a95aef48b28789205ba044f185

    Download Submit

  • C:\Users\Admin\AppData\Roaming\GetRightToGo\5db7d3ef8221e3e889ab06a4a6ea62ea_JaffaCakes118.htm
    Filesize

    635B

    MD5

    33f09577707d079a40f706a18e126d92

    SHA1

    0cef1f55b72a84e584a51e79a6787ea78d74a603

    SHA256

    e7f6bd122fcb829793f4047a5b929668b0a91ebfe31247b479586ec6d8f2b378

    SHA512

    5538c5b4e538a97796bfc412b3a81449931a9bbc1fa4e69500a0b30b35c1259bda857f392d85d87893999098bc88a432f28d2f699fadc295709a75b8113933cb

    Download Submit

  • memory/2080-0-0x0000000000400000-0x000000000050D000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2080-31-0x0000000000400000-0x000000000050D000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2080-36-0x0000000000400000-0x000000000050D000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2080-37-0x0000000000400000-0x000000000050D000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2080-42-0x0000000000400000-0x000000000050D000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2080-44-0x0000000000400000-0x000000000050D000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2080-51-0x0000000000400000-0x000000000050D000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2080-52-0x0000000000400000-0x000000000050D000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2080-53-0x0000000000400000-0x000000000050D000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2080-60-0x0000000000400000-0x000000000050D000-memory.dmp

    Filesize

    1.1MB

    Download