Overview

overview

7

Static

static

3

5f30a44887...18.exe

windows7-x64

7

5f30a44887...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2024 05:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f30a44887d77ef2b49b132459d9d838_JaffaCakes118.exe

  • Size

    196KB

  • MD5

    5f30a44887d77ef2b49b132459d9d838

  • SHA1

    b52fb37ffd170030d841713710d79792f59abd95

  • SHA256

    663209674060d85bd422a01fbfec72d43bb9f3771823fabe5dffb117012122bd

  • SHA512

    aea0941cc8da7e247ea205d44630bc49b09519645374c9c629f1c0d08f0d6bab2b08ad06102d9e409f3f5f2fcb02e6c26ceaad68617d47d2d1346c5d4ff2893e

  • SSDEEP

    3072:m+GZ5ASSXyvclqCE8l8VutkQPFyQQz70DXdbMpN/Iva8Dp:m+YoqcllLleuyQPFQz7CqNQva8

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f30a44887d77ef2b49b132459d9d838_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5f30a44887d77ef2b49b132459d9d838_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c 2.bat
      2⤵
        PID:1708
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c 2.bat
        2⤵
          PID:1844

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\2.bat
        Filesize

        64B

        MD5

        21451767bf78329b0f71cb6df1067585

        SHA1

        a2f8fa04fb3391b74676f4e09e00bf9555b92789

        SHA256

        816e2542516b0938cd0f16e457a9dc3d0593c7b2012cc612bf3cf428335b9e55

        SHA512

        6c070ec70eb2d9cf9f2a01b86e902fd162ccd39f514ac9879702072fb61fc7d52bfa178fa579c055f93f27592fa9dec50673759a37f0ec4cefd963a2831840ad

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\2.bat
        Filesize

        63B

        MD5

        4d0b3d85f93acea274d2a40e1985c945

        SHA1

        3a1a64ad0e0cbbc6238f47daab253426301bc540

        SHA256

        cd0dc23716c4e42e0994a98e53935ef2cfb1b8c3b32f2512775bed74749ba92f

        SHA512

        ec3682ed902be09bc20074d9d57c8a797c10057e175bb32db91af0308e5264641d8cabe48d71b41857b4e74d83218edb0c7675ad13c63165518e5a15fdd3bff1

        Download Submit

      • \Windows\Help\B41346EFA848.dll
        Filesize

        117KB

        MD5

        191ce92ecbe4d75815382cc722b38ca8

        SHA1

        af25f22dd721589fa7c114e609c3a28c902faf9d

        SHA256

        1bbba303132b87e6e749a3c9548992c9b8493df111aaa365e31d3e3e88c5118c

        SHA512

        b2c1ab3e269b676816da9478d93272bca3798d7afe7f79414bd1de638e73bf097b2a018d6c1e13054fea0064bd50e8ea999b9da5ffcb3c8acf7e3aa2c4f76888

        Download Submit

      • memory/1956-1-0x0000000000400000-0x0000000000431000-memory.dmp

        Filesize

        196KB

        Download

      • memory/1956-21-0x0000000000440000-0x0000000000490000-memory.dmp

        Filesize

        320KB

        Download

      • memory/1956-22-0x0000000000400000-0x0000000000431000-memory.dmp

        Filesize

        196KB

        Download