Overview

overview

7

Static

static

3

620d5812ad...18.exe

windows7-x64

7

620d5812ad...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 00:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    620d5812adab1b259afa3c7cfc1a9420_JaffaCakes118.exe

  • Size

    117KB

  • MD5

    620d5812adab1b259afa3c7cfc1a9420

  • SHA1

    c85301aac0836da13ec02a12c6ffca7b054d606a

  • SHA256

    5929cdd4adcb86bee392fb40d9d818ad8bb6ca8eb95f20a3fb811f241d882590

  • SHA512

    2dec3d54b7680961d5378155d0b393b234646372908a8b668985022b1b76b60fc2a1644e6ed79375beec6999c1ce22ca0fda2204d70e78b45f5af1f2ecf81dd0

  • SSDEEP

    3072:ZFmI1FY0GrjCsBBdbdmS8gOY0NF4AKVJtrN43ZR:HRaCWdbduNVKVJz2z

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\620d5812adab1b259afa3c7cfc1a9420_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\620d5812adab1b259afa3c7cfc1a9420_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\2.exe
      "C:\Windows\2.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 36
        3⤵
        • Program crash
        PID:2784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\2.exe
    Filesize

    103KB

    MD5

    a185d566bdc851a6cbfddb35fca6b992

    SHA1

    a9dd9927669549069188d11e9348e2111d1137ac

    SHA256

    d4b9fd07b5cb22b9e244f2ea1ba7df2e0b865ec5e0b0dc86ed595ca03deffd5c

    SHA512

    41d0ab2af60b6ed96f4269abe34689a896e3f72cb84da81a260a7046f427166d7f0d9b1ed8704006fcf838ed484b7787fde8b379bef6ec01a8dc74d3eff53785

    Download Submit

  • memory/2624-10-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2708-1-0x0000000000400000-0x0000000000420200-memory.dmp

    Filesize

    128KB

    Download

  • memory/2708-9-0x0000000002A90000-0x0000000002AD8000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2708-8-0x0000000002A90000-0x0000000002AD8000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2708-11-0x0000000000400000-0x0000000000420200-memory.dmp

    Filesize

    128KB

    Download