Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-07-2024 23:18

General

  • Target

    6533546b5ce56769d5856854c5c2b1eb_JaffaCakes118.exe

  • Size

    41KB

  • MD5

    6533546b5ce56769d5856854c5c2b1eb

  • SHA1

    a61ee6fee49eb9a645cd254c15c370fa8e8c407e

  • SHA256

    dd1787e0d0f3b17d4c7d9bd2b9b2597ecba94feb5beada587ffcdc9b8e6479ae

  • SHA512

    e679de8db2da62ff9a504b774e455c03dc1f7a6cbefe8e361f8846541d0b2c0a23ea02c6ceb7e1128e266046c400363a7b61f4b36451d40df717754d354ac4d9

  • SSDEEP

    768:wqeAZ1VrH2Fm5bG6YmmghuhsMxRYskKGS+hF2vio/QBUs:wq915HuMG6Xhudx1kLV/AQf

Score
8/10

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6533546b5ce56769d5856854c5c2b1eb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6533546b5ce56769d5856854c5c2b1eb_JaffaCakes118.exe"
    • Sets service image path in registry
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\system32\KillMe.bat
      PID:3768
  • C:\Windows\SysWOW64\fgdfsdf.exe
    C:\Windows\SysWOW64\fgdfsdf.exe -service
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1196

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\KillMe.bat
    Filesize: 239B
    MD5: 5be1f43bfa04f82a14f1afd4115acb2c
    SHA1: c19719d12c00e69a088e6766f81fff893e564bb3
    SHA256: b9000e892324c0609edd2f806c85007e5b9e5b2629a9134ca17c256a0540f5bb
    SHA512: 9b1c1d6c96e6ae0ca01e7156ddd2f9b63d17fcf2337e0826dfbb1563274a89e64ea13220d6b8f151c6331cfc43e6090540a7f9f8d440e6f61e74579bc9d6fc5e

  • C:\Windows\SysWOW64\fgdfsdf.exe
    Filesize: 41KB
    MD5: 6533546b5ce56769d5856854c5c2b1eb
    SHA1: a61ee6fee49eb9a645cd254c15c370fa8e8c407e
    SHA256: dd1787e0d0f3b17d4c7d9bd2b9b2597ecba94feb5beada587ffcdc9b8e6479ae
    SHA512: e679de8db2da62ff9a504b774e455c03dc1f7a6cbefe8e361f8846541d0b2c0a23ea02c6ceb7e1128e266046c400363a7b61f4b36451d40df717754d354ac4d9

  • memory/1196-5-0x0000000000570000-0x0000000000571000-memory.dmp
    Filesize: 4KB

  • memory/1196-11-0x0000000000400000-0x000000000041D000-memory.dmp
    Filesize: 116KB

  • memory/2384-0-0x0000000000400000-0x000000000041D000-memory.dmp
    Filesize: 116KB

  • memory/2384-1-0x0000000000540000-0x0000000000541000-memory.dmp
    Filesize: 4KB

  • memory/2384-9-0x0000000000400000-0x000000000041D000-memory.dmp
    Filesize: 116KB