Overview

overview

7

Static

static

3

75446d5a8f...18.exe

windows7-x64

7

75446d5a8f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    26/07/2024, 18:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75446d5a8fcde92c3c564adf2cbc9750_JaffaCakes118.exe

  • Size

    340KB

  • MD5

    75446d5a8fcde92c3c564adf2cbc9750

  • SHA1

    fa7168a39e7c43b315867883794c505a8410ec71

  • SHA256

    a5d1501bb3991d6898699a59a464ccebb1f1551db5515091ff07e90463f5df64

  • SHA512

    0cf544bb4c98f3f231b1ddf0f5344092104205fb52cc90c8f976f872ba7ab204d215bd2e1b08e6aa10db0501024c9347b557ef1f00bd2d3b2f2ea2a7fe0450c3

  • SSDEEP

    6144:MdUFvsF2idZecnl20lHRxp3gxklt+jrg4Ehm4/9P1WlsLLhRxr8TMsc/hv6t:M+0F3Z4mxx+klIjtKmIP1WyLtnAQyt

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75446d5a8fcde92c3c564adf2cbc9750_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\75446d5a8fcde92c3c564adf2cbc9750_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat" "
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\delself.bat
    Filesize

    198B

    MD5

    df663b2c67a46797fb4be9db6f138f12

    SHA1

    1e7b860deb1c5bcfaccb7d27ea7df60c40f5f5ab

    SHA256

    46898c909f86c588b6ec27383619567cf2e4e962340625f2ce40bdcaa1bfd7d8

    SHA512

    e55b1a21b371b44d03dfb95ed4a27b979481886f7d182d6c9879f8738667507dd694a2ea2c8a559a56c291917e06a76f11cbd5d170c18a8338cbf0dcba6a81b3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp9082.tmp
    Filesize

    3KB

    MD5

    71c84ece7ab13e77c3bdde2ce1817fb8

    SHA1

    1bb57908180fa45eaa08a9beda9c963ba93b39e8

    SHA256

    5c43e0bcf6f0ea28acb4a06c9528ece43b0a363f13175494e1aeb9c585da0f59

    SHA512

    ea078e76f8a0a23b57bc2110b799729434332ffc4d55eff1501ec52eb41a34b00a204f5811f0882afbaf49db643b9824b59fb00ae9a669842280dcad03ed5380

    Download Submit

  • C:\name.log
    Filesize

    56B

    MD5

    7d2b5bb0c20aff2563a0d5dcd3b5632a

    SHA1

    1a4ac79f211b0e42a79d10fc94cfb5bc7dd26c0a

    SHA256

    e0d6a8df5d9342eac8e3f943be9bc44d214fea5a91f4b46ed899196905521443

    SHA512

    159579335fed32f30a519057c4a7b1944523e58769c8467491bbaf9682cb9c0b987520b5bc8c8f19c21d70a3f3cbc44ed9ddaa59a20b4b1229f66d5769f6f89b

    Download Submit

  • \Windows\SysWOW64\ijiq.dll
    Filesize

    13KB

    MD5

    0b90a4f918bd5c27a1aadbe5e756101c

    SHA1

    4b13eb9e1e14c31ce6dba96333ec2ff098ef3671

    SHA256

    7f6334daeb802212a944c9220a0a86733c5fe0fb908d5c0b34e280f509b4912b

    SHA512

    1cdf9277eb06746a389e5cc0f8103d84018f0d5cf348c11d7b56913bd919334d02f299131d9158bd30277974785a792b97543b6d484196a4abad41e32673819b

    Download Submit

  • memory/2504-8-0x0000000001F10000-0x0000000001F11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2504-1-0x0000000000370000-0x00000000003C4000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2504-7-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2504-6-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2504-5-0x0000000001E80000-0x0000000001E81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2504-4-0x0000000001E90000-0x0000000001E91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2504-3-0x0000000001F00000-0x0000000001F01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2504-0-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2504-2-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2504-16-0x0000000025000000-0x000000002501A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2504-9-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2504-10-0x0000000003180000-0x0000000003181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2504-11-0x0000000003170000-0x0000000003172000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2504-12-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2504-360-0x0000000025000000-0x000000002501A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2504-359-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download