Overview

overview

7

Static

static

3

75ce17c212...18.exe

windows7-x64

7

75ce17c212...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    26-07-2024 21:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75ce17c21270c0d34224ffce8f36d004_JaffaCakes118.exe

  • Size

    52KB

  • MD5

    75ce17c21270c0d34224ffce8f36d004

  • SHA1

    3d648cde0023395163daf2ab209db6390f22785d

  • SHA256

    1e0091cbf9a90e8c811d6f5c570c6e5d13d28423b520c35a6eeb22b5d7e51f10

  • SHA512

    0dbcc7f08e325248b0e0ca33e75a7f0f237507f81d845996d565c8a3c5512a1d759b6fffa46873bafb4fdec700061ecfc12ac199a82d6b8e675699f1823f3733

  • SSDEEP

    768:7CzzXxc/eKP5yHiRr4rdH1j44J6nUYuKt/SG1gUg7:Ozbxhm5RRrmH1j4qnc/31gb7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1212
      • C:\Users\Admin\AppData\Local\Temp\75ce17c21270c0d34224ffce8f36d004_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\75ce17c21270c0d34224ffce8f36d004_JaffaCakes118.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2524
        • C:\Users\Admin\AppData\Local\Temp\server.exe
          "C:\Users\Admin\AppData\Local\Temp\server.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2008

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\server.exe
      Filesize

      28KB

      MD5

      072bb1bc105201f1f544b81545e61cf1

      SHA1

      03680467c993baac75159a537c65ab522975e005

      SHA256

      ff419326409fa69ca50ebd1d99874dfdc110bdf949021ddb7f98957258ebe59a

      SHA512

      d50d20e03b407b1316333bb8aaabd92deac6c6338cff17f9f90611458a48119462138f8d2f379f3f92ca2fdf18d01edb6d1f7702290610f1eb35dd63baece314

      Download Submit

    • memory/1212-13-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1212-21-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2008-11-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2008-16-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2524-0-0x000007FEF614E000-0x000007FEF614F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2524-1-0x000007FEF5E90000-0x000007FEF682D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2524-2-0x000007FEF5E90000-0x000007FEF682D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2524-3-0x000007FEF5E90000-0x000007FEF682D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2524-17-0x000007FEF5E90000-0x000007FEF682D000-memory.dmp

      Filesize

      9.6MB

      Download