Overview

overview

7

Static

static

7

746bef0105...18.exe

windows7-x64

7

746bef0105...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-07-2024 14:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    746bef01056a1e390de4dd05730df6a8_JaffaCakes118.exe

  • Size

    459KB

  • MD5

    746bef01056a1e390de4dd05730df6a8

  • SHA1

    810da31e3cc8a0e801031e832a7ce41f80353a60

  • SHA256

    18f34e8fc05478f8d3eab56c4597b4c48f99b6ebcb74e3aed81febb3e9320329

  • SHA512

    9614f5d2a66599ed6c9a4f8ef3d4d2b616a826ad98ffdbece972630abb506ffdf1877bdd0150fec8f2a4dc9cae9f39f73d509024cfe7437be8200ddd017cdc0a

  • SSDEEP

    6144:U+7CcSJzOGT/2oHnsUTMyXxavz4+aG1Wj8FcNMcFxXz7Rj75SodSA95rZEu/VA8d:hCjmzcFh3SzA95Nx/SnMuvMcNo2q

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 6 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\746bef01056a1e390de4dd05730df6a8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\746bef01056a1e390de4dd05730df6a8_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:4600
    • C:\Windows\Icivea.exe
      C:\Windows\Icivea.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:4944
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 816
        3⤵
        • Program crash
        PID:335324
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4944 -ip 4944
    1⤵
      PID:335244

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Icivea.exe
      Filesize

      459KB

      MD5

      746bef01056a1e390de4dd05730df6a8

      SHA1

      810da31e3cc8a0e801031e832a7ce41f80353a60

      SHA256

      18f34e8fc05478f8d3eab56c4597b4c48f99b6ebcb74e3aed81febb3e9320329

      SHA512

      9614f5d2a66599ed6c9a4f8ef3d4d2b616a826ad98ffdbece972630abb506ffdf1877bdd0150fec8f2a4dc9cae9f39f73d509024cfe7437be8200ddd017cdc0a

      Download Submit

    • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
      Filesize

      390B

      MD5

      20a70ac442deed770c55708673afc9e8

      SHA1

      82ed72c714142c31a6c5e74ee4de401f546ed4de

      SHA256

      ad21fa7bd9d9fefb6812e762100772e1875b83e1d8999e4cf21b33243dfa1ed0

      SHA512

      99d4bcae14cca42779a1d367a569811cae7740f030f51e041116b1f727d7cab2f53803cc60600668e7579c1666b8366fff8c05e47c81a8508b2461bd56ff91a7

      Download Submit

    • memory/4600-3-0x0000000000500000-0x0000000000501000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4600-0-0x0000000000400000-0x0000000000474000-memory.dmp

      Filesize

      464KB

      Download

    • memory/4600-4-0x0000000000400000-0x0000000000474000-memory.dmp

      Filesize

      464KB

      Download

    • memory/4600-7-0x0000000000400000-0x000000000043A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/4600-2-0x0000000000403000-0x0000000000404000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4600-1-0x0000000000400000-0x0000000000474000-memory.dmp

      Filesize

      464KB

      Download

    • memory/4600-140433-0x0000000000400000-0x000000000043A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/4944-15-0x0000000000400000-0x0000000000474000-memory.dmp

      Filesize

      464KB

      Download

    • memory/4944-21-0x0000000000400000-0x0000000000474000-memory.dmp

      Filesize

      464KB

      Download

    • memory/4944-20-0x0000000000400000-0x0000000000474000-memory.dmp

      Filesize

      464KB

      Download

    • memory/4944-25-0x0000000000400000-0x000000000043A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/4944-140435-0x0000000000400000-0x000000000043A000-memory.dmp

      Filesize

      232KB

      Download