Analysis

  • max time kernel: 138s
  • max time network: 150s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240709-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 27/07/2024, 17:30

General

  • Target: 78f6e185cfe1b753b01869acba4f33ff_JaffaCakes118.exe
  • Size: 5.4MB
  • MD5: 78f6e185cfe1b753b01869acba4f33ff
  • SHA1: b63f4d09298b655fca8278366d4969d16947a3e8
  • SHA256: 19eecdf1a5ac0cd871c7a7b04ed23c4bb8f108ae044e82760e004aafd4769508
  • SHA512: ea53fc68f1d9645282b2ec352a320e61bd361a29f3b9dfca7e8536519c3706cb35f1c5a9f781b4cd3e158a8a0821d117f6292037409b1cc03eace34f93563f4b
  • SSDEEP: 98304:9GaVoApTrH+hXDryhmoAr0KG56XgySR0IWXtab646IJrOhACu50kSEqWwKU43NX6:91VRp2RdtIcEq2UcNVtpoiOAxGnPBFUW

Malware Config

Signatures

  • Sets service image path in registry (2 TTPs, 1 IoC)
  • Loads dropped DLL (1 IoC)
  • UPX packed file (3 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory (15 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: LoadsDriver (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (9 IoCs)
  • System policy modification (1 TTP, 5 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\78f6e185cfe1b753b01869acba4f33ff_JaffaCakes118.exe (PID 4084)
    Command line: "C:\Users\Admin\AppData\Local\Temp\78f6e185cfe1b753b01869acba4f33ff_JaffaCakes118.exe"
    • Sets service image path in registry
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\IME\1.DLL
          Filesize: 48KB
          MD5: 98c499fccb739ab23b75c0d8b98e0481
          SHA1: 0ef5c464823550d5f53dd485e91dabc5d5a1ba0a
          SHA256: d9d8ce1b86b3978889466ab1b9f46778942d276922bf7533327a493083913087
          SHA512: 9e64ac13e18ab0a518bb85b6612520645b5ab2c9a5359ced943813ba7344714999f25ba0e52240ad2d0c2fefc76552ff43173adc46334ff0b5dba171fb58e4e6

        • C:\Windows\INF\Https.dll
          Filesize: 109KB
          MD5: e30f68c5a0971543847895bd993be0cb
          SHA1: eda2d1bc6d3f89afd96650a0c59d727d5586bd40
          SHA256: 70e641d89fbd4c7e7ba7b3b9e1c1b93b5122ed26bfbed733d78ec45ad7e904f4
          SHA512: d6736252dce9ffd62dc66f83d1f812d24be5b7a62b95896bed242241fb15cc9fe6b862a1837031491ef8281c74f018ebb3f7b3fdfe380f12d928ff6240f1139f

        • C:\Windows\INF\Https.sys
          Filesize: 16KB
          MD5: 2de012f51bb1405de2a0252b9ee956d1
          SHA1: 82ce85a4353bad2a76c50f475de51bd4b5aeb226
          SHA256: 54cba28e4813b9e3ee154d68bb77b9b5c14aa0a74549cdbfbbabeeb86ccf17fb
          SHA512: c7fe6206ea3f3632a19f6c788c77d1d2bc304170b9ebabdc9d398f01e145a8af7ab17973afa3be0c390c2a2e3c3d61babbecbdba504a2b51502d5ff372e79a48

        • memory/4084-0-0x0000000000400000-0x00000000009CE000-memory.dmp
          Filesize: 5.8MB

        • memory/4084-35-0x0000000000400000-0x00000000009CE000-memory.dmp
          Filesize: 5.8MB