Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/07/2024, 20:48

General

  • Target

    5d9b359d584c849575415500836ea35c_JaffaCakes118.exe

  • Size

    156KB

  • MD5

    5d9b359d584c849575415500836ea35c

  • SHA1

    d570b436374ea6228df11c247adf4425d6f7aa67

  • SHA256

    42c55675d0d42376758ae4d43e8b9ed4e08e422101ea55bf83abf6e2e864b8ed

  • SHA512

    cba40c79c73dfd35991990493bd41aaa3ecb529ff4e8e599b0070ecf3a1370fb9d14a426037160f06ce8106b17d249a717f8f676dec62a90c6ddc939af5304f2

  • SSDEEP

    3072:8K3gJd1dYt+Vvu/5gEsSy8dH0pLaATo4ti6YcmE5j4oQ:X2SqvuTD0pLa2o4FY4d

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d9b359d584c849575415500836ea35c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5d9b359d584c849575415500836ea35c_JaffaCakes118.exe"
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Users\Admin\ceujuf.exe
      "C:\Users\Admin\ceujuf.exe"
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2816

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • \Users\Admin\ceujuf.exe

          Filesize

          156KB

          MD5

          4b7d4c92f99eedf7487af0cc46f2a83b

          SHA1

          d1e45b70dace650deaa9a50530cdead0b657dbd6

          SHA256

          89da6c88b015e3010900b3f9f9369aa919e2b65781726e604100a163845c0c16

          SHA512

          20a33bbb3dc05624ce3af6023fdb91730fa264d075cbf1183c1efa8b17528c2baa9a5eb42f69a48b3a88d3b38ec8207083aadafc024bd6aeb1087bf3c5190ab0