Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
  • submitted
    10-08-2024 17:02

General

  • Target

    86e90cd7bb625d388f42f571d3a1ba1b_JaffaCakes118.exe

  • Size

    3KB

  • MD5

    86e90cd7bb625d388f42f571d3a1ba1b

  • SHA1

    3e7030d037190f41940ec1dd1007e0f2ee606317

  • SHA256

    33e368cab4ca5caa49e17544e60797f8fa4ec0d4242aa58ab09ea307c70eef75

  • SHA512

    2e16d7367593c61af8554b9c90cfc8a6dc0bcf7fe998788d6fea7225f7547c5614e162f0d8159b1178e9a31fd54dc5ce5a3874e46f449deea75a5d5517ebc431

Malware Config

Signatures

  • Drops file in Drivers directory 14 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86e90cd7bb625d388f42f571d3a1ba1b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\86e90cd7bb625d388f42f571d3a1ba1b_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c attrib -r %windir%\system32\drivers\etc\hosts
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2328
      • C:\Windows\SysWOW64\attrib.exe
        attrib -r C:\Windows\system32\drivers\etc\hosts
        3⤵
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:1096
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del %windir%\system32\drivers\etc\hosts
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2480
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 127.0.0.1 localhost >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:1800
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 66.23.239.228 www.officebanking.cl >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:1436
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 66.23.239.228 officebanking.cl >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:2992
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 66.23.239.228 www.bancofalabella.cl >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:2604
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 66.23.239.228 bancofalabella.cl >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:1308
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 66.23.239.228 www.bbva.cl >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:2356
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 66.23.239.228 bbva.cl >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:2660
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 66.23.239.228 www.bancoestado.cl >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:2744
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 66.23.239.228 bancoestado.cl >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:2796
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 66.23.239.228 www.itau.cl >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:2672
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 66.23.239.228 itau.cl >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:2704
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 208.84.148.239 www.viabcp.com >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:2540
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 208.84.148.239 viabcp.com >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:2684
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c echo 208.84.148.239 bcpzonasegura.viabcp.com >> %windir%\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      PID:2648
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c attrib +r %windir%\system32\drivers\etc\hosts
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2724
      • C:\Windows\SysWOW64\attrib.exe
        attrib +r C:\Windows\system32\drivers\etc\hosts
        3⤵
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:928

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\system32\drivers\etc\hosts

    Filesize

    216B

    MD5

    544ea5a10ad4290d7baebfa724492cea

    SHA1

    e8faa03ed5223b0dfa6c97ca111f09990087d1f9

    SHA256

    557e08a4724cdf0eb8b05b2c787b6dec335a32cb7dce285023f431d930bdfc1b

    SHA512

    0a6e3afc107f43aa7b3fccc15bec1a7f844af11def24fa45e53a02a3f93c8de58caae7f058275c12792bd5a62086482f3b9f10371e52b0891de3d8ce76692566

  • C:\Windows\system32\drivers\etc\hosts

    Filesize

    251B

    MD5

    64da753b8be6dd275607dec86154a7cb

    SHA1

    7d50ff09c7f50a8f4d47344016e7a64c6a32f063

    SHA256

    2ca3a18b589cb01eca6606de156f0aa507a9af115886b56d80a64b1a19255efe

    SHA512

    b1de4070922c45bfc46a8df5a05d9af5abf55a2a32fe1c4b045f3c949fa85ae43a4ece60f88347c9cfad86226ae8a1c5516f89fbd39254da89327ef40b39a20d

  • C:\Windows\system32\drivers\etc\hosts

    Filesize

    282B

    MD5

    299775837b19024b3c01dbabbc484362

    SHA1

    a4ea0e874c76126278cf9ff77e053eedeb91526b

    SHA256

    34da544145ba9c95dcd9f7063cadbd0f81830bc76890e45acf58f74ea9e6f11b

    SHA512

    aceac4f39cf79b0fcdbff9ffb3ec0153dce7b3b392811b540ec3f7a74f91738b773500258be21e44908695b12e3f8b9b4323f23852b048914472a73bb4d76d95

  • C:\Windows\system32\drivers\etc\hosts

    Filesize

    59B

    MD5

    c0a1fff7f2de6954373ebcd1d305ea7d

    SHA1

    50b2e5b3dfba7c84f542c8d59b91a3e4ce3459ef

    SHA256

    34ecc26febbe78bcf4e1eb37b928c1e582e03d35c83d128b2f39a958d3a0f314

    SHA512

    980b509ccce015f2f658277f776936764ab5d30e0c24a5242ff53ba346c534f1ad9c6a59af209398efc0ccc37bd47c3f7488eac4537f05cb054829ad1b963fcc

  • C:\Windows\system32\drivers\etc\hosts

    Filesize

    334B

    MD5

    e6f78ed440e1bfba12f233d5fdb5e812

    SHA1

    b2756fcd79bbb44e7e8b25bfb1e1812d54a21352

    SHA256

    8b1ec972baa3c7448dd064c0ad1dc0e9036983b58b0db8daa30b49af17a9f448

    SHA512

    9fdffedba5053e45b96da5ecc03b0439b3bad96e01f01b24f2076d2c7583dda48c5ea9dcca7e4b09da8012e4a78832c385d4a991badeccbea1bfa39525cb5680

  • C:\Windows\system32\drivers\etc\hosts

    Filesize

    394B

    MD5

    30e757081591f8cef2508be057b45a1b

    SHA1

    aeab6549f66a25d5bd00a954216df345923b5f37

    SHA256

    92c7c6448089fe8a9e2450c9c15cde1e73b2dc39f6311bdf736ce363bc11bcd7

    SHA512

    e5b43b3aaed695d36ca0435ecf81d009e17a01b1cd544846d4780af3aa989fa81be4cb0a32e6624a90a47e97df09d22b78757a8344e67915074ee5226d5e8392

  • C:\Windows\system32\drivers\etc\hosts

    Filesize

    436B

    MD5

    f8779d76795aa6da7f87000c5c7f4738

    SHA1

    cb7382768816e92ccaabcada3d77a8513fa2cc3b

    SHA256

    279d98af9af076b2c5d5e51da87aa9e41b695646d1fab3eb738473004810c78a

    SHA512

    003616d77e09e8cf4465c119147e80db2fdea1398928a8e4310d02389fecb078f39a6a0d11440d11027f23cb7c2a5b971417049367b56a67708087818e37003b

  • C:\Windows\system32\drivers\etc\hosts

    Filesize

    92B

    MD5

    553eb1da1e73a0ee8d338e3a5b256ff5

    SHA1

    8d5612600c51654c692f7f30aa620736938153c0

    SHA256

    f81cf12772defa75cec2bfecf89bfea1593ee1604dc08af984d2cbbeaf4b7d48

    SHA512

    b19ae35bfef3501bf4035660244a3e603a9f828f3793967c276912113863c0f10d781ae0cd6771f3182729fd110bea9162930335ac0f684df81e4c7e4d890151

  • C:\Windows\system32\drivers\etc\hosts

    Filesize

    130B

    MD5

    19d0663eddc39697b497ffc12fb04ffd

    SHA1

    4c1aa8e4c6297dee4dab6446af37ca8cd5e777d1

    SHA256

    b712cb86ea0842c59518456288f04f848b5ce846621617106bf2641fb49705ea

    SHA512

    ea731761e0b27310bd17dff1e8e53de553d4153c3f90bd3ee2a0a3c9d8252463d52399dd8783bbf398952e8497243f9ce009140d0d006fbb601f3edf3cc02b38

  • C:\Windows\system32\drivers\etc\hosts

    Filesize

    164B

    MD5

    5e14c695664d8f300f00f0fc6fa61879

    SHA1

    f7b2e0cdd4d3ce5b62a917414917683d5d8935f1

    SHA256

    cce8c01a8dbeb9b1d069b500459ff20118d87a145d394676799de73c448bbb9f

    SHA512

    ad52e6ca7db013062e2c1d7f4ea30feaadf2c83ed91707f5869c6f79bf414bd2ffe359aeefd2fc16c350f26b95569cdb6769c085cea500fcf7cf62066a3d8751

  • memory/2292-0-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

  • memory/2292-28-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB