Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/07/2024, 22:24 UTC

General

  • Target

    75fa0634b3012327b19ea88157264620_JaffaCakes118.exe

  • Size

    59KB

  • MD5

    75fa0634b3012327b19ea88157264620

  • SHA1

    cecbebaff4cba892eb301e25d46201ecd16ac7d1

  • SHA256

    40714f10d395b3d50971a66923680015b8eab46668f96c2c9ce99c4001c725c1

  • SHA512

    684c334d46243ed0eff7bf7baa3fd206a0abf2370bd1246ab84d1bf8f88743de34556cfcc4613d012c257d8c7da70f4526e32877ee8abda93662ced58dea186c

  • SSDEEP

    1536:8lOXC8K8zFEqZWdFbBsufj2mWG1onzawil0CpuH/YXVMr:8oXC8vzK1bK2Ponzaw0pufEVMr

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
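
The "UPX packed file" signature is worth being able to reproduce outside the sandbox, since a 59KB file that maps to a 184KB image at 0x400000 (see the memory dumps below) is the on-disk/in-memory size gap packing typically leaves. The following is an added example, not code from the sandbox or from this page: it parses only the PE section table with the standard library and applies two checks, the stock UPX section names and, for "modified UPX" builds that rename sections, the layout UPX leaves behind (a first section with no raw bytes on disk but a large virtual size, the unpack destination). The PE images it analyses are constructed in the block; they are not the sample.

```python
"""UPX / modified-UPX indicator check on the PE section table (added example)."""
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def section_headers(data: bytes):
    """Yield (name, VirtualSize, VirtualAddress, SizeOfRawData) for each section."""
    if len(data) < 0x40 or data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]    # NumberOfSections
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]       # SizeOfOptionalHeader
    table = coff + COFF_HEADER_SIZE + size_opt                     # section table follows the optional header
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, off)
        yield name.rstrip(b"\0").decode("latin-1"), vsize, vaddr, rawsize


def upx_indicators(data: bytes) -> list:
    """Return the reasons a file looks UPX-packed; an empty list means no indicator."""
    secs = list(section_headers(data))
    names = [s[0] for s in secs]
    reasons = []
    if any(n.startswith("UPX") for n in names):
        reasons.append("stock UPX section names: " + ", ".join(names))
    # Modified UPX usually renames the sections but keeps the layout: the first
    # section is the unpack destination, so it has no raw data on disk but a
    # large virtual size, and a second section carries the compressed payload.
    if len(secs) >= 2:
        name, vsize, _vaddr, rawsize = secs[0]
        if rawsize == 0 and vsize >= 0x1000:
            reasons.append(f"first section {name!r} has no raw data but {vsize:#x} bytes virtual (UPX layout)")
    return reasons


def build_pe(sections) -> bytes:
    """Build a minimal PE32 image (headers and section table only) for testing.

    sections: list of (name, VirtualSize, SizeOfRawData). Constructed test data,
    not the analysed sample.
    """
    e_lfanew = 0x40
    dos = bytearray(IMAGE_DOS_SIGNATURE + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_opt = 224  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    table = b""
    vaddr = 0x1000
    for name, vsize, rawsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode("latin-1"), vsize, vaddr,
                             rawsize, 0, 0, 0, 0, 0, 0x60000020)
        vaddr += (vsize + 0xFFF) & ~0xFFF
    return bytes(dos) + IMAGE_NT_SIGNATURE + coff + opt + table


# Constructed images: stock UPX names, renamed sections with the UPX layout, and a plain build.
STOCK_UPX = build_pe([("UPX0", 0x27000, 0), ("UPX1", 0x7000, 0x6C00), ("UPX2", 0x1000, 0x200)])
RENAMED_UPX = build_pe([(".text", 0x27000, 0), (".data", 0x7000, 0x6C00), (".rsrc", 0x1000, 0x200)])
PLAIN = build_pe([(".text", 0x5000, 0x5000), (".data", 0x1000, 0x200)])

if __name__ == "__main__":
    for label, img in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN)):
        print(label, upx_indicators(img) or "no UPX indicator")
```

The layout heuristic is deliberately a second opinion rather than proof: a section with zero raw data and a large virtual size is also what a legitimate BSS-style section looks like, so in triage the result is combined with the on-disk versus in-memory size gap and, ideally, an unpacking attempt, not reported on its own.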

Processes

  • C:\Users\Admin\AppData\Local\Temp\75fa0634b3012327b19ea88157264620_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\75fa0634b3012327b19ea88157264620_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Users\Admin\AppData\Local\Temp\14fBC8B.tmp
      C:\Users\Admin\AppData\Local\Temp\14fBC8B.tmp
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1720
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\14fBC9C.tmp.cmd
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2096
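
The tree above is the classic drop-and-clean-up shape: the sample writes a second executable and a batch script to Temp, runs the executable directly, and hands the script to cmd.exe /c so the original file can be removed after the parent exits. The following is an added example, not the sandbox's own detection logic: a small triage routine over process-creation records that flags exactly those two children. The records are constructed from the PIDs, image paths and command lines listed on this page; the parent links are taken from the nesting of the tree.

```python
"""Process-tree triage for the drop-and-cleanup pattern (added example)."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Sandbox working directory from the report (case-insensitive comparison below).
TEMP = r"c:\users\admin\appdata\local\temp"

# cmd /c <script>.cmd|.bat, with or without quotes around the script path.
CMD_SCRIPT = re.compile(r"cmd(?:\.exe)?\s+/c\s+\"?([^\"\s]+\.(?:cmd|bat))", re.I)


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed from the Processes section of this page; ppid follows the tree nesting.
EVENTS = [
    Proc(2316, None,
         r"C:\Users\Admin\AppData\Local\Temp\75fa0634b3012327b19ea88157264620_JaffaCakes118.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\75fa0634b3012327b19ea88157264620_JaffaCakes118.exe"'),
    Proc(1720, 2316,
         r"C:\Users\Admin\AppData\Local\Temp\14fBC8B.tmp",
         r"C:\Users\Admin\AppData\Local\Temp\14fBC8B.tmp"),
    Proc(2096, 2316,
         r"C:\Windows\SysWOW64\cmd.exe",
         r"cmd /c C:\Users\Admin\AppData\Local\Temp\14fBC9C.tmp.cmd"),
]


def in_temp(path: str) -> bool:
    """True if a Windows path lies under the Temp directory (case-insensitive)."""
    return ntpath.normcase(path).startswith(ntpath.normcase(TEMP) + "\\")


def triage(events: list[Proc]) -> dict[int, list[str]]:
    """Map child PID -> findings, for children whose parent runs from Temp."""
    by_pid = {p.pid: p for p in events}
    findings: dict[int, list[str]] = {}
    for p in events:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if parent is None or not in_temp(parent.image):
            continue
        hits = []
        # (1) Executes dropped EXE: the child's image itself lives in Temp. A
        #     non-.exe extension (here .tmp) is a further sign it was written, not installed.
        if in_temp(p.image):
            ext = ntpath.splitext(p.image)[1].lower()
            hits.append(f"executes dropped file from Temp (extension {ext or 'none'!r})")
        # (2) Deletes itself: cmd.exe /c running a batch script from Temp on
        #     behalf of a Temp-resident parent is the usual self-delete stub.
        m = CMD_SCRIPT.search(p.cmdline)
        if ntpath.basename(p.image).lower() == "cmd.exe" and m and in_temp(m.group(1)):
            hits.append(f"cmd.exe runs batch script from Temp: {m.group(1)} (cleanup/self-delete pattern)")
        if hits:
            findings[p.pid] = hits
    return findings


if __name__ == "__main__":
    for pid, hits in triage(EVENTS).items():
        for h in hits:
            print(pid, h)
```

Fed real telemetry (Sysmon event 1 or EDR process-creation records carry the same four fields), the same routine works unchanged; the one caveat is that the self-delete script is often gone by the time an analyst looks, which is why the report's Downloads section, with the 235-byte .cmd and its hashes, is the artifact to preserve from the run.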

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\14fBC9C.tmp.cmd

    Filesize

    235B

    MD5

    b7c0e61ef14df6691ce3b0d068810aad

    SHA1

    c4d92203d573c90d3f41eb0d2fc4ec3c263d9b6b

    SHA256

    c2a0aa625460a0aacca4b5c176a5a713f46c21a7a297f42e7f3345f8523b07ca

    SHA512

    d339b7ef07bdd49944052612157fc604093c66c255f6733c1e8f5f08499b5ab9754339ada89e3378e6095a0718420fc3b89b8417e4635aba6a559741a0a52cd9

  • \Users\Admin\AppData\Local\Temp\14fBC8B.tmp

    Filesize

    16KB

    MD5

    c613a4db1422c55ce3dc2a017a616784

    SHA1

    bea93fdd5218325d4a0b0206479e37f6b6f75a9c

    SHA256

    b57c0ab29c32bc5c4a61d76f05af2fbee98f63c7aa3735cfd25b7e97eb71c151

    SHA512

    cb792d1b23a33dd39e8b684a16f328499a19e6355b45e93962d80e802d01595f00d5d327a908f6532e3ca08ce03e90318343c3bb94275af6850c0b969438e674

  • memory/1720-19-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

  • memory/2316-0-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2316-18-0x0000000000220000-0x0000000000227000-memory.dmp

    Filesize

    28KB

  • memory/2316-17-0x0000000000220000-0x0000000000227000-memory.dmp

    Filesize

    28KB

  • memory/2316-21-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB
