Analysis

  • max time kernel
    109s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240729-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-07-2024 17:05

General

  • Target

    78e4ed5e85d5f4c7200cb939e06061ac_JaffaCakes118.exe

  • Size

    280KB

  • MD5

    78e4ed5e85d5f4c7200cb939e06061ac

  • SHA1

    e2026d588f8fc11e74903b29d1e38050414db0ea

  • SHA256

    bd5fbb75da23c0cf516eb4e90c29fb68511ac3ab3e300f721b0ae34121f63414

  • SHA512

    3182a29b5d6d7c02791960e2b15fa6f75590d6b207343f7056362038ce5a4ab5468137c68d1f787934e17b92f69b770ee80719020f9f715100298cb20349dfc7

  • SSDEEP

    3072:GGNhsmuLF9w8Vg8JVwl27xEYUfWHg5422Njjcvf4EnP8chkSGf2rLEu/LM/Jzjo:GGfc9w8Vg8JVY422NjIigrLEu

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78e4ed5e85d5f4c7200cb939e06061ac_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\78e4ed5e85d5f4c7200cb939e06061ac_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c echo ping 127.1 -n 3 >nul 2>nul >c:\cd.bat&echo del "C:\Users\Admin\AppData\Local\Temp\78e4ed5e85d5f4c7200cb939e06061ac_JaffaCakes118.exe">>c:\cd.bat&echo del c:\cd.bat>>c:\cd.bat&c:\cd.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:3628
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.1 -n 3
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:5040

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\yxxxx.CLL

    Filesize

    2KB

    MD5

    0bbe24d142f8bc1a0306dc608e70daf3

    SHA1

    da1e0fa05fee8f110e4a2fcbd00feb7995d643ea

    SHA256

    d9decf5c9d2ed1aa18bfc17fba4ae2e9dc997bf8820041279815214261700185

    SHA512

    b772b96264c26cd3494e6886bd0a2d5d49bbb09d584fe23cb8c9d9c3f9d7542528cd1376bbdc92ec0fa24a1e829ac5b104b986fa40f52df38863c41da77150b6

  • C:\cd.bat

    Filesize

    125B

    MD5

    880627af3dea2abaf2447b14b3816571

    SHA1

    b2e2cf030af8e984c74dc9de1dda55bce62a5a7f

    SHA256

    534bf62a015d3249030a4121e9e876cde40d54c22e17528accb7c57d7f02fedf

    SHA512

    0f957faafbad111c5e9dc3aa562866269d1e915011f3d0bc23908387f7ea8beae69d2800207cd0306b4ed87dd58aa1be13010b3d614c3fccbdfae8c220c9e83b