Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/08/2024, 04:19

General

  • Target

    88f765f569dd3558228e0a7a8c5e22d9_JaffaCakes118.exe

  • Size

    147KB

  • MD5

    88f765f569dd3558228e0a7a8c5e22d9

  • SHA1

    ccacb555c79cd449169da8a6d0bd8b863aaedb2b

  • SHA256

    46768c1281dea1d72167cc5f7901f9a12588e69323a34d7ffbdb71662c11fdd5

  • SHA512

    d258b625b485c1e2eeddd04047ea16202b341d5ee50dc1b8d45dfc7be44ca465f23a66053b67e368b129dbfdc0b2f8fafad2ad777c5bf45d48b387207922a95a

  • SSDEEP

    3072:gCTCd857nhEcMiplVvauR3C9DthcASPQuHJZt7:gW57hEh0jrC9D6HZ7

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1240
      • C:\Users\Admin\AppData\Local\Temp\88f765f569dd3558228e0a7a8c5e22d9_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\88f765f569dd3558228e0a7a8c5e22d9_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1868
        • C:\Users\Admin\AppData\Local\Temp\server.exe
          "C:\Users\Admin\AppData\Local\Temp\server.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2396
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\88F765~1.EXE >> NUL
          3⤵
          • Deletes itself
          • System Location Discovery: System Language Discovery
          PID:1896

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\server.exe
    Filesize: 26KB
    MD5: 9d44a4beecc3901f4a46e7abcfda3625
    SHA1: ffeaaf46a336ab7a087fb569a7ef51b9a8fbcf44
    SHA256: db65c09c1e806943b1d40da13dd9298571a25a1c52f2164680e07340ad0eeee2
    SHA512: fee8af4174d7efdb7888e7f69ef3c239114762c0cf1f4ac88898455f3e3d2c5d169c6c175cc85ae52b103eeb194e6efef122054d4887b012c4aac9a31aa67ebf

  • memory/1240-17-0x000000007FFF0000-0x000000007FFF1000-memory.dmp
    Filesize: 4KB

  • memory/1240-23-0x000000007EFC0000-0x000000007EFC6000-memory.dmp
    Filesize: 24KB

  • memory/1868-12-0x0000000000270000-0x0000000000278000-memory.dmp
    Filesize: 32KB

  • memory/1868-11-0x0000000000270000-0x0000000000278000-memory.dmp
    Filesize: 32KB

  • memory/2396-13-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize: 32KB

  • memory/2396-14-0x0000000010000000-0x0000000010011000-memory.dmp
    Filesize: 68KB

  • memory/2396-15-0x0000000010000000-0x0000000010011000-memory.dmp
    Filesize: 68KB

  • memory/2396-35-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize: 32KB

  • memory/2396-36-0x0000000010000000-0x0000000010011000-memory.dmp
    Filesize: 68KB