Overview

overview

7

Static

static

1

637ff2bfc6...18.exe

windows7-x64

7

637ff2bfc6...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-07-2024 14:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    637ff2bfc603bfd381589ca863a20a84_JaffaCakes118.exe

  • Size

    488KB

  • MD5

    637ff2bfc603bfd381589ca863a20a84

  • SHA1

    17d7b80bb784f0364af66970638d41cd3c6a911e

  • SHA256

    5971e8b701fa9d3ac36e6709d024ed7277f47942835b8c2343c35aa281933f36

  • SHA512

    35e8cb8668f1b2c8c207755348c80430fd5ab7c2d91f46358c74a6a62f93b2ad4e34774df046d31dd554af5b6f48b1b64362845ca216bf21e7e97202ca3252c9

  • SSDEEP

    12288:CSpAZ3gtueKw9pPncZL1rSnnzVS5VyFXUGesd1YW4:CSKZwtv3UynnzP9UZjW4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\637ff2bfc603bfd381589ca863a20a84_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\637ff2bfc603bfd381589ca863a20a84_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1008
    • \??\c:\292cc8e179866db38a38\update\update.exe
      c:\292cc8e179866db38a38\update\update.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\292cc8e179866db38a38\_sfx_.dll
    Filesize

    25KB

    MD5

    ee207e35aea4d5df41d90221e1b66efa

    SHA1

    757469cf9ad2f21f267bbe730560114fdf8a89a5

    SHA256

    cf64c95e9a2d02967efc22b00efb3736156b913a95231eb63c1df45d43475e64

    SHA512

    43e9f75725daa4f3428b2d9cee2c2cc8b2f2e991b8e58d72d2f429fbdfb614c86d172f03d3f9da98756bd4e245643d9a57c6efa422d6c60ad364a2322245542d

    Download Submit

  • C:\292cc8e179866db38a38\update\update.exe
    Filesize

    737KB

    MD5

    0ff4e4e0dd01e7872d9c2013560fd4a7

    SHA1

    f6a3aa7d551c99c3e9c00c9592c2be1b1cf1a81a

    SHA256

    fadc30d8a636762c424ff4f49d528f22d59c46c20c24c5c4b73badb4deb5e8a1

    SHA512

    8e154e66b6949e93532052a15762db2cbcf9d8dbfce9ef18ae2adcfd126974240716220151d1e59347fb4f094da7ab31701b32d3fdc5726c2da098154319a0b6

    Download Submit

  • C:\292cc8e179866db38a38\update\updspapi.dll
    Filesize

    373KB

    MD5

    8d13dfd9d7351b2da87ca237277b6cf3

    SHA1

    a9ef7f91183857ae6dba937f9f95282f6c590a9d

    SHA256

    dc2beb43cefa8840d3ac7d622079870f247f97a205a52cb4794b1d688c155463

    SHA512

    d11eee63de309e2b81a92fa9c72a11c1a587e4491214e1d45ad20cba3677ebf99bf98483bbc7f579d5f830e4ca7473d532abc1c6dd7c64ad455e0cd1bcc9a792

    Download Submit

  • memory/1976-43-0x00000000009F0000-0x0000000000A4E000-memory.dmp

    Filesize

    376KB

    Download