Overview

overview

7

Static

static

3

81ce2d4389...18.exe

windows7-x64

7

81ce2d4389...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    01-08-2024 21:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    81ce2d43894247bb937aec302c389d66_JaffaCakes118.exe

  • Size

    292KB

  • MD5

    81ce2d43894247bb937aec302c389d66

  • SHA1

    7c17dd6767ceb7ec9641e1eba67afd726c2a52b8

  • SHA256

    63aed26cff6262ee228ebabd80de9e7e484d8b97f5c82168b50d0c037b147231

  • SHA512

    0b450eb02ca935a6480947ede8fcb0dd3c055c03d2ca445b2d28bfbea694f7302e64832eccacf6b822c5f998805a01bcd5f2ce00e753c76be934c15583c6eb54

  • SSDEEP

    6144:bHogBfdMhCuP79ww5uZbFxaSsBk3+ufkVsXXkSSuY:iQuxwGgbjPsBBuf05pT

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\81ce2d43894247bb937aec302c389d66_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\81ce2d43894247bb937aec302c389d66_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2676
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k sougou
    1⤵
    • Deletes itself
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\xinstall44900.dll
    Filesize

    210KB

    MD5

    4104e492c52eec748c7dabf6e7b7c6ae

    SHA1

    1934b8179d66b1cd77b9cc7895019e796d3002a8

    SHA256

    5c300885b514ac531ea31663ac3ae0d33095673d58d29b29df698837ff26e93d

    SHA512

    dea480d599d8ce9ea5c5fe6196ec088c5e13f24e1a067beaebb2819cbc6cbad1d41f0ce06f87961d508d673b7d0971af0abbadee77f118ec1bea612844d91058

    Download Submit

  • \??\c:\Win_lj.ini
    Filesize

    113B

    MD5

    07fe8484b92d4acfd0e3ff91f86cac0f

    SHA1

    089972474357ed70b42279ad335e69e5ed738b35

    SHA256

    c8f956edf97f3f70eeaaf637c6eae737cef8f1f32ef9b77c31cc1e489b60fe7f

    SHA512

    c29101b830eb96edab28b6a368e793acbb25906274e063a367880418452008abbb8759c442e9076c8314771d5a51b01ba62aeab0329b3505de01356106ba36f2

    Download Submit

  • \??\c:\windows\filename.jpg
    Filesize

    11.0MB

    MD5

    e3056a9f88274f60970d9944444b54e5

    SHA1

    a01885f4b912fd1d4319e6c0d687ba430cde7811

    SHA256

    1ad5b897011d3b16319c5d5f0e924536ff5c93048dfc56e54103c9b001ae99a8

    SHA512

    d703ea1d408a1afc403d66bf722fa7daaaa758026c0e648e4e5d9c095822b05f2c2cc6210532a94cf96a081b654c747f0bc8c4c9b5acd722f82171be39034abc

    Download Submit

  • memory/2516-19-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-21-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-14-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-15-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-16-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-17-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-18-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-28-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-20-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-27-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-22-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-23-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-24-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-25-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2516-26-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2676-11-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2676-4-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download