Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240704-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    22/07/2024, 11:55

General

  • Target

    632211096efa35152243473f851d2c89_JaffaCakes118.exe

  • Size

    132KB

  • MD5

    632211096efa35152243473f851d2c89

  • SHA1

    821915616aca176239a8e350d0a85aeebe53b5fd

  • SHA256

    618dab063566becf8082da1923cbb5b959002536330aed0541e8782af418d198

  • SHA512

    10ec1dda11e384ecf1c2d6e475a5f40fa42c8c12586a5e9516f09d383095ad0c230b3d5785ccc1870bc1ab263241aa9d9c13d150c54b78eb621b8a0435fcb694

  • SSDEEP

    1536:pwWGhgYu9+7gWbrimfWSeJFzkRcTwdE1dIumgDL0FfxTGHzejyz4:pwKT8gWi2eJFzkRswZumgDLOfqze

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoC
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTP

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\632211096efa35152243473f851d2c89_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\632211096efa35152243473f851d2c89_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2448
    • C:\Users\Admin\jeonu.exe
      "C:\Users\Admin\jeonu.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:548

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\jeonu.exe

    Filesize
    132KB

    MD5
    e29282710f7fc35f994f3ec56694fecc

    SHA1
    e4608a9e7684a45469cb5e8a0c4d2e0393250a10

    SHA256
    9f82fe44f4a06bfdc4cb8e1b596c3eae06116c7b1a7c0eb0f4455f8bceb73717

    SHA512
    6518ce7cdf28734c4f959888ab4a752b0514d69e276bcef6972b3d3599abad5214c0ad2e858da5bb98ffc39af56339aaa5e5679487539ebf8fa9f7d9bb9c7d67
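The behaviours listed under Signatures (Run key persistence, change to Explorer's hidden/system file visibility, execution of the dropped jeonu.exe) and the hashes under General and Downloads, turned into a host-side triage check. This is an added example, not part of the sandbox report: the Sysmon-style registry events and the file inventory are constructed inline, the Run-key value name and the SID in them are made up, and mapping the hidden-file signature to Explorer's `Hidden`/`ShowSuperHidden` values is an assumption the report itself does not state.

```python
import re

# SHA256 values copied from the report (parent sample and the dropped file).
KNOWN_SHA256 = {
    "618dab063566becf8082da1923cbb5b959002536330aed0541e8782af418d198":
        "632211096efa35152243473f851d2c89_JaffaCakes118.exe",
    "9f82fe44f4a06bfdc4cb8e1b596c3eae06116c7b1a7c0eb0f4455f8bceb73717":
        "jeonu.exe (dropped by parent)",
}
DROPPED_PATH = r"C:\Users\Admin\jeonu.exe"  # from the process tree in the report

# Run key, matched by suffix so the hive prefix (HKU\<SID>, HKCU, HKLM) does not matter.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
# Assumption: the "hidden/system files" signature corresponds to these Explorer
# values; the report only names the behaviour, not the registry values.
EXPLORER_VIS = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\"
    r"(Hidden|ShowSuperHidden)$", re.I)


def check_registry_event(event: dict) -> list[str]:
    """Evaluate one Sysmon EventID 13 (RegistryEvent, value set) record."""
    target, details, image = event["TargetObject"], event["Details"], event["Image"]
    findings = []
    if RUN_KEY.search(target):
        hit = "Run key persistence"
        if details.strip('"').lower() == DROPPED_PATH.lower():
            hit += " pointing at dropped EXE"
        findings.append(f"{hit}: {target} = {details} (set by {image})")
    m = EXPLORER_VIS.search(target)
    if m:
        findings.append(f"Explorer {m.group(1)} changed to {details} (set by {image})")
    return findings


def match_inventory(inventory: dict) -> list:
    """Match a {path: sha256} inventory (e.g. Get-FileHash output) against the report."""
    return [(path, KNOWN_SHA256[h.lower()])
            for path, h in inventory.items() if h.lower() in KNOWN_SHA256]


# Constructed telemetry in Sysmon EventID 13 shape; value name "jeonu" and the SID are made up.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\Admin\AppData\Local\Temp\632211096efa35152243473f851d2c89_JaffaCakes118.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\jeonu",
     "Details": r"C:\Users\Admin\jeonu.exe"},
    {"Image": r"C:\Users\Admin\jeonu.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"Image": r"C:\Windows\explorer.exe",  # benign Explorer setting, must not fire
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun",
     "Details": "DWORD (0x00000001)"},
]

# Constructed inventory: one hash copied from the Downloads section, one unrelated file.
SAMPLE_INVENTORY = {
    r"C:\Users\Admin\jeonu.exe": "9F82FE44F4A06BFDC4CB8E1B596C3EAE06116C7B1A7C0EB0F4455F8BCEB73717",
    r"C:\Windows\notepad.exe": "00" * 32,
}

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for finding in check_registry_event(ev):
            print(finding)
    for path, label in match_inventory(SAMPLE_INVENTORY):
        print(f"Hash match: {path} -> {label}")
```

The hash comparison is case-insensitive because `Get-FileHash` emits uppercase hex while the report lists lowercase. Matching the Run key by suffix rather than by full path keeps the check valid whether the event came from `HKCU`, `HKU\<SID>` or `HKLM`; `RunOnce` is deliberately not covered, since the report only flags the `Run` key.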