Overview

overview

7

Static

static

7

65b77dc9bc...18.exe

windows7-x64

7

65b77dc9bc...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23/07/2024, 02:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65b77dc9bcc299eb6c89b7a634c923d7_JaffaCakes118.exe

  • Size

    409KB

  • MD5

    65b77dc9bcc299eb6c89b7a634c923d7

  • SHA1

    332deaaa6ffe33f5e7820a5d7ec9fd67e7b8395e

  • SHA256

    24fc182e430c1d3e140af10bce14ca417f912dc93de5f2d5aeaaa9708b6a2623

  • SHA512

    aeb4579f9f96cb3d4ce257558dbdf500c4ef192347952fae35bbb0c1f4fce470e5a1271d88fbc447482a7ddbb8dab85f5cfef2c620ed96c3af5f44759aa170d5

  • SSDEEP

    12288:DA4goYcLbiCwhCXfVjIzU8F3Ug9DO7hzm9ubK3rrE4GWHG4:DAtcLECXpIz1F3Rk2304GW

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65b77dc9bcc299eb6c89b7a634c923d7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\65b77dc9bcc299eb6c89b7a634c923d7_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Windows\Nxilua.exe
      C:\Windows\Nxilua.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Nxilua.exe
    Filesize

    409KB

    MD5

    65b77dc9bcc299eb6c89b7a634c923d7

    SHA1

    332deaaa6ffe33f5e7820a5d7ec9fd67e7b8395e

    SHA256

    24fc182e430c1d3e140af10bce14ca417f912dc93de5f2d5aeaaa9708b6a2623

    SHA512

    aeb4579f9f96cb3d4ce257558dbdf500c4ef192347952fae35bbb0c1f4fce470e5a1271d88fbc447482a7ddbb8dab85f5cfef2c620ed96c3af5f44759aa170d5

    Download Submit

  • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    Filesize

    372B

    MD5

    e3c19bce7e850449bf670e5fe85e60dd

    SHA1

    c8d78a0e7adb7b5e46db9f2d5912b7589e6e01d0

    SHA256

    e5a6fd3e41c09e803a31658c116e5b4ccd8a35fa06d4c45325ecebf8e324464d

    SHA512

    b6e1e9c7402560a8312a4278a6481b4cc3ad115276c1d1f740f904bd63e61dfea174bd8064e66fbb52eadaead8df8d1182bccf1737edd332c1e7b59ad8c11a14

    Download Submit

  • memory/2556-0-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2556-1-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2556-2-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2556-14-0x0000000002130000-0x0000000002198000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2556-13-0x0000000002130000-0x0000000002198000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2556-47227-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2756-15-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2756-21-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2756-47229-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download