Overview

overview

7

Static

static

3

62ccf00d67...18.exe

windows7-x64

7

62ccf00d67...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22-07-2024 10:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62ccf00d6789be8f2f736e6402d917c0_JaffaCakes118.exe

  • Size

    292KB

  • MD5

    62ccf00d6789be8f2f736e6402d917c0

  • SHA1

    9a4a0f5f88c35f712c2a47c075f0e0b0eca0aa86

  • SHA256

    04c0fcb072b7af1d75bbf6c2aec071b864ea1dab1f89731369f7d82f93b6ae8a

  • SHA512

    22445649a986d74c6e18d8cb81c533eaa89fd403ee92a6d8c7f10088749504246851af19a06710db0ed6c10bbf160f4789e310d077175917f0a842c5d4ff7907

  • SSDEEP

    6144:8HogBfdMhCuPF9ww5uZbFxaSsBk3+ufkVsXXkSqb:VQubwGgbjPsBBuf05tb

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\62ccf00d6789be8f2f736e6402d917c0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\62ccf00d6789be8f2f736e6402d917c0_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3024
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k sougou
    1⤵
    • Deletes itself
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Jpaq\Lrplqylch.jpg
    Filesize

    346KB

    MD5

    6f2db5611af7c0bd8b1c478833f26af5

    SHA1

    d9d0d40c851657f890fb180acf1f9941da83a832

    SHA256

    b552c9a05d4047669f215ce501633682a0153cf4749d331a1c37decf7a5bef20

    SHA512

    74abb296cdc1966858c94c784ce65e01b90d5be73e69deb4930627ed70024b55404c8493de0165702b9458226161c66400db3a91945d98942f191ee46e60a631

    Download Submit

  • C:\windows\xinstall2123400.dll
    Filesize

    210KB

    MD5

    be658aa03be1bff11ab89fefc5968d72

    SHA1

    2fc9649232c1f59fdccd316adf4d973d8aa28448

    SHA256

    4c3d876a7d084ba61fbc59906bc45cd6f64a691a5a2db9c5fe8b9da3b6e02830

    SHA512

    58175d01376ca39da7842b702f75c5c45fd02c9c67b29554f056ce1316fac06a0b4d5530430e60ba196f91152fea0a24ada24dc258e63503020abef9d8dc40e3

    Download Submit

  • \??\c:\Win_lj.ini
    Filesize

    115B

    MD5

    283df7e31898ce502dd2e5122e63d72e

    SHA1

    6bcac471b331a38ba8d2442a70aeac621e9c786a

    SHA256

    84d9e019b524dfa120eb1f78216effd8fd021622a467d35c6a7cdfc70e12153e

    SHA512

    35cd874f67346bdd25507223f4a6de5c3060fda5f88b9b4050d8e92897b439d9df1f0c219f5afb61beb045fabd59b93350d4dddc65f8f1b02d3228e7f2144a7a

    Download Submit

  • memory/2384-12-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/3024-4-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/3024-16-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download