Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    26-07-2024 02:44

General

  • Target

    724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe

  • Size

    163KB

  • MD5

    724d78445402cebed2b36c4f0609934b

  • SHA1

    41cfa8553ccbbbb0df19cf9c31d9728e8b798137

  • SHA256

    d3af8b19ead0d0068700073844f3d650f0bd30db22cb4a552d378bb71c6133a3

  • SHA512

    90704e5071624a399dd582b5d1602f7cb0a38587d8e86a7cd93a7fcd3629c5ca5cd4f41daefc10e89813df368dca97b8b6f3f7fd6dc37e1a1e8d6b7b93533d10

  • SSDEEP

    3072:9yugHZpKjaHdOG6x0cj7GuokrVD3RLnTTrB9qltGXmNyKLIeVeUZj8N:XUuIQG547GhUPnrB9Z2NysIeAY

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\CID.dll

    Filesize

    20KB

    MD5

    233c4d2d6c78482f69e7a5e4208c732d

    SHA1

    33ee43b5c8dd1a6e4eef594b1129ae6520f6df47

    SHA256

    dc3dd45734dae86ea184754183bcda623d25e871760d9313c0c8cf4401d131d9

    SHA512

    3929b040293779d025045b938dc31723def165a7ed2c0d2de3961e9a8907cfb10708db640b8dd0637f526fcf501142e448a1aaed91829ee9a97d43b24da22a2b

  • \Users\Admin\AppData\Local\Temp\perplex.dll

    Filesize

    20KB

    MD5

    8885590be20dec972df9a79d6b4693f6

    SHA1

    3a690b8d695f81a0d3ca7869ab830d853748e70c

    SHA256

    160cca4ee96178d06e7f5b0f272d422cda2cd8550b7119a307f67fa60341aa11

    SHA512

    480ba22b872ecfc47bfb93b631b8c40ad2d63f1e2530b04f7691a91ffea6ec0c8881030b916159086bef990edb00787cd1b7c15651ec14d80cdaefbd8be0151c

  • memory/2632-0-0x0000000000400000-0x000000000042C500-memory.dmp

    Filesize

    177KB

  • memory/2632-7-0x0000000010000000-0x000000001000F000-memory.dmp

    Filesize

    60KB

  • memory/2632-9-0x0000000000400000-0x000000000042C500-memory.dmp

    Filesize

    177KB

  • memory/2632-12-0x0000000010000000-0x000000001000F000-memory.dmp

    Filesize

    60KB