Overview

overview

7

Static

static

3

81ce2d4389...18.exe

windows7-x64

7

81ce2d4389...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-08-2024 21:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    81ce2d43894247bb937aec302c389d66_JaffaCakes118.exe

  • Size

    292KB

  • MD5

    81ce2d43894247bb937aec302c389d66

  • SHA1

    7c17dd6767ceb7ec9641e1eba67afd726c2a52b8

  • SHA256

    63aed26cff6262ee228ebabd80de9e7e484d8b97f5c82168b50d0c037b147231

  • SHA512

    0b450eb02ca935a6480947ede8fcb0dd3c055c03d2ca445b2d28bfbea694f7302e64832eccacf6b822c5f998805a01bcd5f2ce00e753c76be934c15583c6eb54

  • SSDEEP

    6144:bHogBfdMhCuP79ww5uZbFxaSsBk3+ufkVsXXkSSuY:iQuxwGgbjPsBBuf05pT

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\81ce2d43894247bb937aec302c389d66_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\81ce2d43894247bb937aec302c389d66_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:1120
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k sougou
    1⤵
    • Deletes itself
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2172

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\xinstall1203100.dll
    Filesize

    210KB

    MD5

    4104e492c52eec748c7dabf6e7b7c6ae

    SHA1

    1934b8179d66b1cd77b9cc7895019e796d3002a8

    SHA256

    5c300885b514ac531ea31663ac3ae0d33095673d58d29b29df698837ff26e93d

    SHA512

    dea480d599d8ce9ea5c5fe6196ec088c5e13f24e1a067beaebb2819cbc6cbad1d41f0ce06f87961d508d673b7d0971af0abbadee77f118ec1bea612844d91058

    Download Submit

  • \??\c:\Win_lj.ini
    Filesize

    115B

    MD5

    50fa48b7f036b2cd9c3b1be4ec9116f2

    SHA1

    9e2bd4798cb350192ef90309c8979a9b5e815896

    SHA256

    5e9b3a06dfee595fce9b83e52ba4bc17e792a9064e3bbda66595aac0033e4622

    SHA512

    2cdcc66b08fb675ad394df82410b5ca63f9c71ff61ba988f8161a93117f91f5d3c2791090cc0b708884f0079976fc6cdb0812d872ddd72bce46fb21a362f856e

    Download Submit

  • \??\c:\windows\filename.jpg
    Filesize

    11.4MB

    MD5

    0582cd282ae21ac579e1709f96b67587

    SHA1

    8f434d5ca340a4c918bba711342c1dfd5b4dcb61

    SHA256

    b3bb5cc65faec37e82903b4dd798fa55061f547c683e1b41d325b53effa20428

    SHA512

    b3b15974b49c8c5d6047f594aed68b9c5e7ac47aae8b2602f7bd40cc932918e4b5698e96546d130f5b436dca79154daf3e6572180b84e434d1939a4b6cf1c877

    Download Submit

  • memory/1120-6-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1120-14-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2172-16-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download