db599069638bf37d0f20b7b201551e74a9b813ea492e1394938ee917d988e9ab

Analysis

max time kernel
61s
max time network
59s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 01:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

768df2dc4933707298471a64c9e217e2_JaffaCakes118.exe
Size

75KB
MD5

768df2dc4933707298471a64c9e217e2
SHA1

77970e5d3411a51d1bf90328c9b3e1e07b13624c
SHA256

db599069638bf37d0f20b7b201551e74a9b813ea492e1394938ee917d988e9ab
SHA512

efa342629ad0ddc01aaf410e897dd20c43df581983946de2ff88532b54171b3baca582947d36ca2bcbc81f51caf42709724a99918868c6b8958598670339c6e9
SSDEEP

1536:3Ym4g4x8YGVSc5Xm/1jtMc9RmHctsNgI8O5OpR2DtujZsIByLRtmi0Ry3ws8ESnZ:iPx8zVSw2/1jrR6ZVd55Bg3czlAxout

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/712-0-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/712-1-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/712-6-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/712-7-0x0000000000400000-0x000000000043C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Windows\CurrentVersion\Run\515358524a524512594459 = "C:\\Users\\Admin\\nvny.exe"	768df2dc4933707298471a64c9e217e2_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
712	768df2dc4933707298471a64c9e217e2_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\768df2dc4933707298471a64c9e217e2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\768df2dc4933707298471a64c9e217e2_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
PID:712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/712-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/712-1-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/712-6-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/712-7-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads