Analysis

  • max time kernel
    137s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240709-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    26-07-2024 14:21

General

  • Target

    746cb17b56ad14494a15531afc167ccb_JaffaCakes118.exe

  • Size

    784KB

  • MD5

    746cb17b56ad14494a15531afc167ccb

  • SHA1

    138d6d8d429d19ab9e83736b585384875d651a02

  • SHA256

    daec6ee887786ae17cd669625b2a26ec0632d4787dbce36d336ba55e31a3c95c

  • SHA512

    0fa3e6e684d2d38c70f4b117547c782ddbd4c950b5258be4793efb35ece2b8d04cca7b2696d045fc1caa2a41db4a5850588c32f7bfd629a1137502f67af29efb

  • SSDEEP

    24576:KrxL0/Dmf6BTJttFClkcGJD12RiSHyaqH14wS25HU5Q:4LkDTJg5GJ5KjFa0

Malware Config

Signatures

  • xmrig

    XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

  • XMRig Miner payload 6 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX or with a modified build of the UPX open-source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\746cb17b56ad14494a15531afc167ccb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\746cb17b56ad14494a15531afc167ccb_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Users\Admin\AppData\Local\Temp\746cb17b56ad14494a15531afc167ccb_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\746cb17b56ad14494a15531afc167ccb_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of UnmapMainImage
      PID:3336
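The tree above shows the sample (PID 2232) launching a second copy of itself from the same path (PID 3336), which the sandbox tags "Executes dropped EXE" and "Deletes itself", while the Downloads section lists a different MD5 for the file at that path than for the submitted sample. The following detection logic is an added example, not part of the report: it scores a constructed, Sysmon-like event list for exactly that pattern (child created from its parent's own image path, image hash changed between the two launches, child later deletes that image). The event field names, the explorer.exe parent and PID 1000 are assumptions; the two MD5s are the ones the report lists.

```python
"""Flag a process that re-launches its own image path and then deletes it.

Added example (not part of the sandbox report). The events below are
constructed to mirror the report's process tree; the field names are
Sysmon-like but are an assumption, not a real log format.
"""


def _norm(path):
    """Normalise an image path for comparison (strip quotes, unify slashes, case-fold)."""
    return path.strip('"').replace("/", "\\").lower()


def find_self_respawn(events):
    """Return one finding per child created from its parent's own image path.

    Each finding records whether the on-disk hash seen at child creation
    differs from the hash seen when the parent started (image rewritten in
    place) and whether the child later deleted that image (self-delete).
    """
    image_hash_at_create = {}   # pid -> MD5 of its image at process start
    findings = {}               # child pid -> finding dict
    for ev in events:
        if ev["type"] == "ProcessCreate":
            image = _norm(ev["image"])
            image_hash_at_create[ev["pid"]] = ev["md5"]
            parent_hash = image_hash_at_create.get(ev["ppid"])
            if image == _norm(ev["parent_image"]):
                findings[ev["pid"]] = {
                    "pid": ev["pid"],
                    "ppid": ev["ppid"],
                    "image": image,
                    "image_rewritten": parent_hash is not None and parent_hash != ev["md5"],
                    "self_delete": False,
                }
        elif ev["type"] == "FileDelete":
            f = findings.get(ev["pid"])
            if f and _norm(ev["target"]) == f["image"]:
                f["self_delete"] = True
    return list(findings.values())


SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\746cb17b56ad14494a15531afc167ccb_JaffaCakes118.exe"

# Constructed events mirroring the report's tree. The parent explorer.exe (PID
# 1000) is assumed; the two MD5s are the report's values for the submitted file
# and for the file later found at the same path.
EVENTS = [
    {"type": "ProcessCreate", "pid": 2232, "ppid": 1000, "image": SAMPLE_PATH,
     "parent_image": r"C:\Windows\explorer.exe",
     "md5": "746cb17b56ad14494a15531afc167ccb"},
    {"type": "ProcessCreate", "pid": 3336, "ppid": 2232, "image": SAMPLE_PATH,
     "parent_image": SAMPLE_PATH,
     "md5": "13b718d474104f9b55aa5b9c8923935d"},
    {"type": "FileDelete", "pid": 3336, "target": SAMPLE_PATH},
    # Benign control: the shell launching an unrelated binary is not flagged.
    {"type": "ProcessCreate", "pid": 4100, "ppid": 1000,
     "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe", "md5": "00" * 16},
]

if __name__ == "__main__":
    for finding in find_self_respawn(EVENTS):
        print(finding)
```

Run stand-alone, it reports one finding for PID 3336 with both `image_rewritten` and `self_delete` set; the benign notepad.exe launch is ignored because its image path differs from its parent's. A real deployment would key the hash comparison on the image path rather than on the parent PID alone, since a dropper may rewrite the file and exit before the second copy starts.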

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\746cb17b56ad14494a15531afc167ccb_JaffaCakes118.exe

    Filesize

    784KB

    MD5

    13b718d474104f9b55aa5b9c8923935d

    SHA1

    9d2faa3c5321b45fb64a93c50434e97053127606

    SHA256

    ceb627a82eb70d8e00968ade41b504d37713264639713d614f58eef458a20882

    SHA512

    eb32a0f449cadfa5f0576dd96155cacdcffdfbe036db8e9c9b0e9cc24c864f1a9b688d562f3ce9b22609475734758b6c04bbf9bb0b90a7393321161732a2353d

  • memory/2232-0-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

  • memory/2232-1-0x0000000001720000-0x00000000017E4000-memory.dmp

    Filesize

    784KB

  • memory/2232-3-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

  • memory/2232-12-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

  • memory/3336-13-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

  • memory/3336-14-0x0000000001720000-0x00000000017E4000-memory.dmp

    Filesize

    784KB

  • memory/3336-20-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

  • memory/3336-15-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

  • memory/3336-29-0x0000000005540000-0x00000000056D3000-memory.dmp

    Filesize

    1.6MB

  • memory/3336-30-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB
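The dump names above encode PID, snapshot sequence number and the start and end address of the region. The following parser is an added example, not part of the report: it recovers the byte size of each region (reproducing the listed sizes), then groups dumps by (PID, base address) and lists where the region at 0x400000 changed size between snapshots, which is the pattern one expects next to the "Suspicious use of UnmapMainImage" tag. The dump names are the ones listed above; the size formatting rule is an assumption chosen to match the report's values.

```python
"""Parse sandbox memory-dump names and report base regions that changed size.

Added example, not part of the report. Input names are the ones listed in
the Downloads section above.
"""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Return pid, sequence number, start, end and byte size for one dump name."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    """Format like the report (assumed rule): whole KB below 1 MiB, else one-decimal MB."""
    if n < 1024 * 1024:
        return f"{n // 1024}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def base_region_changes(names):
    """For each (pid, start) dumped more than once, list size changes in sequence order.

    Returns {(pid, start): [(seq_from, seq_to, size_from, size_to), ...]},
    omitting regions whose size never changed.
    """
    by_region = defaultdict(list)
    for d in map(parse_dump_name, names):
        by_region[(d["pid"], d["start"])].append(d)
    changes = {}
    for key, dumps in by_region.items():
        dumps.sort(key=lambda d: d["seq"])
        deltas = [(a["seq"], b["seq"], a["size"], b["size"])
                  for a, b in zip(dumps, dumps[1:]) if a["size"] != b["size"]]
        if deltas:
            changes[key] = deltas
    return changes


# Dump names exactly as listed in the report.
DUMPS = [
    "memory/2232-0-0x0000000000400000-0x0000000000712000-memory.dmp",
    "memory/2232-1-0x0000000001720000-0x00000000017E4000-memory.dmp",
    "memory/2232-3-0x0000000000400000-0x0000000000593000-memory.dmp",
    "memory/2232-12-0x0000000000400000-0x0000000000593000-memory.dmp",
    "memory/3336-13-0x0000000000400000-0x0000000000712000-memory.dmp",
    "memory/3336-14-0x0000000001720000-0x00000000017E4000-memory.dmp",
    "memory/3336-20-0x0000000000400000-0x0000000000587000-memory.dmp",
    "memory/3336-15-0x0000000000400000-0x0000000000593000-memory.dmp",
    "memory/3336-29-0x0000000005540000-0x00000000056D3000-memory.dmp",
    "memory/3336-30-0x0000000000400000-0x0000000000587000-memory.dmp",
]

if __name__ == "__main__":
    for n in DUMPS:
        d = parse_dump_name(n)
        print(f"pid {d['pid']:>4} seq {d['seq']:>2} base {d['start']:#011x} {human_size(d['size'])}")
    for (pid, start), deltas in base_region_changes(DUMPS).items():
        for s0, s1, a, b in deltas:
            print(f"pid {pid} base {start:#x}: {human_size(a)} -> {human_size(b)} (seq {s0} -> {s1})")
```

Two things fall out of the grouping. In both PIDs the 3.1MB region at 0x400000 is replaced by a 1.6MB one in a later snapshot, and in PID 3336 it shrinks again to 1.5MB; the 784KB region at 0x1720000 matches the on-disk file size. The 1.6MB region at 0x5540000 in PID 3336 (0x193000 bytes) is exactly the size of the 1.6MB region seen earlier at 0x400000, which is worth checking in the dump itself before concluding it is a second copy of the same image.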