Analysis

  • max time kernel: 117s
  • max time network: 118s
  • platform: windows7_x64
  • resource: win7-20240708-en
  • resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted: 20/07/2024, 04:27

General

  • Target: 5f05acd53cfd91fb4dba3660ad1e3add_JaffaCakes118.exe
  • Size: 156KB
  • MD5: 5f05acd53cfd91fb4dba3660ad1e3add
  • SHA1: e3b5561d3c4f88c09f818554f98cc107855a74c2
  • SHA256: 962810f908daab4ed0796ff563433eb65a60507d23089ad4c9b25ccf2c8c7837
  • SHA512: 4d51d6b5866f292858b83177fb8ff93aca2ae7da50e75e6f5f471aff793b1236d1e9daa09d357b61f9941232038933d66deddaec9e160e4f90ca5a538f95d899
  • SSDEEP: 3072:HhHrC+oLYhOE/zdJTbrYpXUJ8/eCn3AkSxj9MrOQUvH695L:HNr/ochd/zdJTbrQUu/v3RSZE

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (5 IoCs)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • [depth 1] C:\Users\Admin\AppData\Local\Temp\5f05acd53cfd91fb4dba3660ad1e3add_JaffaCakes118.exe (PID 776)
    Command line: "C:\Users\Admin\AppData\Local\Temp\5f05acd53cfd91fb4dba3660ad1e3add_JaffaCakes118.exe"
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • [depth 2] C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\DES64v7\msieckc.exe (PID 1244)
      Command line: "C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\DES64v7\msieckc.exe"
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx

Network

Downloads

  • \Users\Admin\AppData\Roaming\Microsoft\Crypto\DES64v7\msieckc.exe
    Filesize: 134KB
    MD5: cd3aeff3114f49e032d99bc26ae3a00c
    SHA1: 39cb94ce5ae75c43dc1999fed148dad8f56dc5fb
    SHA256: b662f0d6d06fa5e6dd51a3d0c4ea3be38210200443c4f6250c3c7b7d8a9a9911
    SHA512: ff7535859a140a92ccf7cbdae1041b017a9554947fd5f671458c8f05340c64b64954d8865b837e012b6f1697ab6ee9e988134e868292ee0b7b58ee3d3d01c99c