Overview

overview

7

Static

static

7

5fd368885c...18.exe

windows7-x64

7

5fd368885c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/07/2024, 08:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5fd368885cb91f4cd337f74d525d46ff_JaffaCakes118.exe

  • Size

    17KB

  • MD5

    5fd368885cb91f4cd337f74d525d46ff

  • SHA1

    7cb8c5a5797ad13e8f1d44bd06d9a24feb936a00

  • SHA256

    c4b8bf25a8898bff2d3e288a57f41cb39b2b5f8068a0c5148cf2247f6661d18a

  • SHA512

    06961e0e3f17c2596f93e5eaca6697cf8710ae81d40b98c55df614e9dc8a2775482d66ea128c18d07e844242496d34e2309586800639fef9fd23cf2ecd060861

  • SSDEEP

    384:d2+K6bbrt1N/FG8siZLkekmWPD6uFrHnU0LBQPjpm3IbBUvhb:zt1N88pkekmWPOu6SBM4YbUl

Score
7/10
persistenceupx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3448
      • C:\Users\Admin\AppData\Local\Temp\5fd368885cb91f4cd337f74d525d46ff_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\5fd368885cb91f4cd337f74d525d46ff_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3080

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\SysWOW64\nmhgtce.dll
            Filesize

            36KB

            MD5

            e8cafb449a6ae6a7ab38fad46da6b6eb

            SHA1

            795bd644ee9d491ebdd1508894cb20501200a68a

            SHA256

            b25780948c5d28144948d1198f3114714e7f4e3402a624c7f231ea9a404f220c

            SHA512

            9a8321b5b260a31b62573d4c44f277bcc51e0ae36a823f05ecd82f376d7b1255badeeea50c49dafd8325a099d05706b017f1b82cb3a165f42e77fb8c770e1f56

            Download Submit

          • memory/3080-0-0x0000000000400000-0x0000000000410000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3080-8-0x0000000000580000-0x0000000000581000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3080-6-0x0000000000570000-0x0000000000571000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3080-13-0x0000000000402000-0x0000000000403000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3080-14-0x0000000000400000-0x0000000000410000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3448-3-0x0000000000B00000-0x0000000000B01000-memory.dmp

            Filesize

            4KB

            Download