Overview

overview

7

Static

static

3

62c97308bb...18.exe

windows7-x64

7

62c97308bb...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 10:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    62c97308bbff008384fe910e0358f33d_JaffaCakes118.exe

  • Size

    85KB

  • MD5

    62c97308bbff008384fe910e0358f33d

  • SHA1

    7ad3fde0ba12e1f02dadec817973c53b12d29710

  • SHA256

    5c7f9372fea7c0baa8e73382a708206ef0037c27532a39b8d3a319b06e682501

  • SHA512

    c7383e8400f2ba9be618c58ac0bef3daa578033de2d2b1b7846d5fb6d352c408cd271970a7211fffb46f8209174f1be75496e98e30229d50de9900d9fcbeeebd

  • SSDEEP

    768:JgO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD7aXKynF0vQcYZUcc:eshfSWHHNvoLqNwDDGw2eQcLb

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\62c97308bbff008384fe910e0358f33d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\62c97308bbff008384fe910e0358f33d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2808

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe
          Filesize

          84KB

          MD5

          c2a416cc03578843fcb4b0ecec54637f

          SHA1

          44a056ba92e7eb97b768b7cda7d35be331dc7345

          SHA256

          d0993ee9dbfc27bdea460f1060655b6fc4aca7df834c067f7d80d6eaf5ef82c8

          SHA512

          30238c9f6a7670d94dd919f44dc755b66a7cb40994c98c940a1dd3e539f7e618a40f725171932eadeafd6a55b7665acd44bd5525341529b67a75f34df60776f5

          Download Submit

        • \Windows\system\rundll32.exe
          Filesize

          87KB

          MD5

          4c82b36ca833ceeae3783d49d9f2f220

          SHA1

          a03709d9ea91911c399426ed324d2e53523cb87c

          SHA256

          ee0b9e464d68bf6e9e3eb6738c455ce02d29cdf3293d147ae814b28b58d825c6

          SHA512

          8adbae5da48eada489e6e2d90390b9ee70d3123c945e448550268a7e197be378004bd6e7dee9dac7988e82a77bee01d62745afcce9a03a3c0f4405f0ef694613

          Download Submit

        • memory/1684-0-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

          Download

        • memory/1684-17-0x0000000000360000-0x0000000000375000-memory.dmp

          Filesize

          84KB

          Download

        • memory/1684-20-0x0000000000360000-0x0000000000362000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1684-19-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

          Download

        • memory/2808-21-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

          Download