Overview

overview

7

Static

static

3

69b77826c5...18.exe

windows7-x64

7

69b77826c5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    24-07-2024 01:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69b77826c504861a7671047f7c0119f0_JaffaCakes118.exe

  • Size

    125KB

  • MD5

    69b77826c504861a7671047f7c0119f0

  • SHA1

    7932b4372e87c9c80293853d7bae86a666282dd6

  • SHA256

    6c5772f8dafba29898ff741011afa7c43c99b188f19e902501a6f0629fe5b3e1

  • SHA512

    43ea47fa4e949ff9279725c4d30897b2ff674994d4163e6e46b50ee9a79bdc91c9600e46a88cef7df898d3069a9aefc8cffc9935e80261f89b7f38a2f57f0a44

  • SSDEEP

    3072:FTMKeVZkOiK4gZzRPQNrftdSQnGdFcT+vwT6Yf:FTMxZ7iK48dulkQnGdFLve

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69b77826c504861a7671047f7c0119f0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\69b77826c504861a7671047f7c0119f0_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Windows\Kvoxoa.exe
      C:\Windows\Kvoxoa.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Kvoxoa.exe
    Filesize

    125KB

    MD5

    69b77826c504861a7671047f7c0119f0

    SHA1

    7932b4372e87c9c80293853d7bae86a666282dd6

    SHA256

    6c5772f8dafba29898ff741011afa7c43c99b188f19e902501a6f0629fe5b3e1

    SHA512

    43ea47fa4e949ff9279725c4d30897b2ff674994d4163e6e46b50ee9a79bdc91c9600e46a88cef7df898d3069a9aefc8cffc9935e80261f89b7f38a2f57f0a44

    Download Submit

  • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    Filesize

    372B

    MD5

    af6ab34f93c7dd82679cad6f58be349a

    SHA1

    9dae7248f9d8946383f568cd5a2f8000a8bd1349

    SHA256

    7ca8e133248f0ab0bf827567f7bc5a55db176d75dff4d4ef06472007a64ce1a1

    SHA512

    cdc7028a1674d12874ef2a397c0fcd96a20c469ac780f75fca7b96e5149e89b2fe8704902ef4b62128237b8233e5b193982a174cfdde2e1f97b512c9b6b8e831

    Download Submit

  • memory/2492-45486-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2492-8-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2492-45483-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2492-45485-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2492-45487-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2492-45490-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2492-45494-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2632-0-0x00000000002E0000-0x00000000002F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2632-45482-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2632-45484-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/2632-1-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download