Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/07/2024, 01:03

General

  • Target

    65885257742e286a25fc6c64fb809b8d_JaffaCakes118.exe

  • Size

    443KB

  • MD5

    65885257742e286a25fc6c64fb809b8d

  • SHA1

    b53132106e71dbc27407a7655a2e8d1b3c8c1472

  • SHA256

    469ba12866ab891a48f252348f3d794e434cc7db3a95aa52bad50896e1b5a6aa

  • SHA512

    ae36abe54fa2776043de0f4770109d3d6143a9c25ba10bfb4b4761fb988640b5570c838da755035e52ccaa53aa50891c05a84712a848467db3c4e25ecb64911d

  • SSDEEP

    12288:djHXtuvJ5OTJpD6hLsMMDg/bD6ooBESJ:dhWiTJt6dDMMHa

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65885257742e286a25fc6c64fb809b8d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\65885257742e286a25fc6c64fb809b8d_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:60
    • C:\ProgramData\dA01803PbHoC01803\dA01803PbHoC01803.exe
      "C:\ProgramData\dA01803PbHoC01803\dA01803PbHoC01803.exe" "C:\Users\Admin\AppData\Local\Temp\65885257742e286a25fc6c64fb809b8d_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1344

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\dA01803PbHoC01803\dA01803PbHoC01803.exe

    Filesize

    443KB

    MD5

    2bcf32a522b9222617c9361ff4906c96

    SHA1

    3240af3a3ecca00e88d6a8675aa32e916be7b114

    SHA256

    4f10828f386e42fbec7c80ef33e612eb77e1cf940e185ad3944eeca6a8cf9ad0

    SHA512

    590c7147f4a073825e6d36b2fc8246696efcf6c26e71a5e3ec73348c3c70604d47efe9d91a15b54331c3bbce3b3762b3ae586b0744c6d016c04e7759ecf36e6a

  • memory/60-1-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

  • memory/60-2-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

  • memory/60-14-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

  • memory/60-15-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

  • memory/1344-17-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

  • memory/1344-25-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

  • memory/1344-32-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB