Overview

overview

7

Static

static

7

67cc060201...18.exe

windows7-x64

7

67cc060201...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/07/2024, 13:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    67cc06020129aebe8b4ee8b7c4dffbc3_JaffaCakes118.exe

  • Size

    45KB

  • MD5

    67cc06020129aebe8b4ee8b7c4dffbc3

  • SHA1

    f7cbd70640ce8fe87421129036ae987a3054b6ad

  • SHA256

    58615f1b4935d05f0a006fb16b50ad258a1f7561cbfcf3e609eef8e21309ae44

  • SHA512

    891380526df4a2c98f224dff795b27d74e6a5fe1e0929e22f6e7e0cb831dba459c9f3b5f6ad7bf543145a6bc9d9e34122520806556e99dbd7db55db618d8ca78

  • SSDEEP

    768:ECD3WMtroY1r9fXkaV9g3S77VTPWzpEWVqtovVKgETBysvXsvllgl:EC7dZnUaVbxTqLMtovHETIsvX+vgl

Score
7/10
evasiontrojanupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\67cc06020129aebe8b4ee8b7c4dffbc3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\67cc06020129aebe8b4ee8b7c4dffbc3_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" -u /s shimgvw.dll
      2⤵
        PID:944

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1052-0-0x0000000000400000-0x000000000046A000-memory.dmp

            Filesize

            424KB

            Download

          • memory/1052-3-0x0000000000400000-0x000000000046A000-memory.dmp

            Filesize

            424KB

            Download