Overview

overview

7

Static

static

7

884ab7f69f...18.exe

windows7-x64

7

884ab7f69f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    74s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/08/2024, 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    884ab7f69f7fd10395837f890fcba2df_JaffaCakes118.exe

  • Size

    452KB

  • MD5

    884ab7f69f7fd10395837f890fcba2df

  • SHA1

    08a883262cf2a2b45e793a65985e111b2b162d16

  • SHA256

    b17a137070afe35c517fcdc79e9550b941cde3ae5db52dda4d1780ce4fb98501

  • SHA512

    305850c6673dd23997899cf13178f4aff357df4e346ffb195f03b4460f0a240d2803791e2485b69703cff6241eb36cda2ad305aa91630c16d326e6a22df0ece2

  • SSDEEP

    12288:/jkArEN249AyE/rbaMct4bO2/VfQwi3ENsPK:sFE//Tct4bOsri3PK

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\884ab7f69f7fd10395837f890fcba2df_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\884ab7f69f7fd10395837f890fcba2df_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    PID:2316

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\debug\D41D8CD98F00B204E9800998ECF8427E------kj\ExtraInfo.txt
    Filesize

    96B

    MD5

    0b46391929559eb9be70f447f614da47

    SHA1

    8addb5584d3962d470665abdedd93476033ff0a1

    SHA256

    c2e51ad713b120c5c77f521bc6e8f4cbc0fdfb6485fec42d3e43616e0fd74586

    SHA512

    0bb2cac30ef005d8613b4b5d1967a2ee3b039d10cdf93d00d4b230fa26c886265958b235b1e4f5df5de139946db6d0e7dee74fcfe6fdee51c53319548eaad39f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\debug\D41D8CD98F00B204E9800998ECF8427E------nc.zip
    Filesize

    22B

    MD5

    76cdb2bad9582d23c1f6f4d868218d6c

    SHA1

    b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

    SHA256

    8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

    SHA512

    5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\debug\D41D8CD98F00B204E9800998ECF8427E------nc.zip
    Filesize

    302B

    MD5

    6f565fd32372c1d50bcaf1c733b7cfb1

    SHA1

    7048a161b6fa6dab02ecda7443968eb7e67b80f5

    SHA256

    2cd93bfba86b2286f5e43876dc444923ce2eafec4d7686a2c401d1d86695dfb1

    SHA512

    7c3417ba154749cf03528a5e9f75100bcb1eb2d6385f02feddb375465da3242b2efc6c161955f1fa6de25c446beb2b98fa0b5a710fa1d7fb1f2038d56f418b19

    Download Submit

  • memory/2316-0-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

    Download

  • memory/2316-1-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

    Download

  • memory/2316-37-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

    Download