Overview

overview

10

Static

static

3

65b5feab63...18.exe

windows7-x64

10

65b5feab63...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    23-07-2024 02:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65b5feab63a5caaed4fb9a6e8f6d3cf1_JaffaCakes118.exe

  • Size

    260KB

  • MD5

    65b5feab63a5caaed4fb9a6e8f6d3cf1

  • SHA1

    b7ee676f81afb11712c04907e4970535be628b5f

  • SHA256

    a0b88f496b91fca5a6f9d5fc8118a90f5ee108dc9e58e80e7ab6a199722588dc

  • SHA512

    89889b12987ca3ebcd0c161b0a6628b07bdaae1ad7937055ebfa1c16a871ed6855bbce089ad65baf942949cb7866166598f6b10a9d0e25a215416e7b65fbdbd3

  • SSDEEP

    3072:xw9eiaxuIiE64j9a45Kf/4xLMfKdRR7yH3TFavCPQjIYQHCd8boxQVV/V3xYR:mTI/6qKWmH3TFCCoNLx+V

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65b5feab63a5caaed4fb9a6e8f6d3cf1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\65b5feab63a5caaed4fb9a6e8f6d3cf1_JaffaCakes118.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Users\Admin\keeizi.exe
      "C:\Users\Admin\keeizi.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\keeizi.exe
    Filesize

    260KB

    MD5

    4738ae0661d05287622b254aeba71268

    SHA1

    09b75ee776b9d66b21c5a5c37026e1bcda20878a

    SHA256

    c39574f68e4e934b1ca4e05d639187b6a2b47047b4a09fddfb306d57dc9da7b1

    SHA512

    1fd4ce710e07faec060fee7555bdbf914fae428ebffbe83888b78f4912c9a4e5e612808fcd47692be7f9afb8f4443473d95253992cc09a2b96374e53b3d34862

    Download Submit