Overview

overview

7

Static

static

7

8b3113bf30...18.exe

windows7-x64

7

8b3113bf30...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    11-08-2024 16:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b3113bf30b5269904f305b6a84c7e98_JaffaCakes118.exe

  • Size

    137KB

  • MD5

    8b3113bf30b5269904f305b6a84c7e98

  • SHA1

    85bfd612a7033fb51664e071ad6ffcbd9f53e0bf

  • SHA256

    d35cbb64801236501b9440f8888c98b6b98965907e783b05c1208be38db63850

  • SHA512

    c89d69aff773fd0cd49ee3de15e0bbfb3a2eac6a70f702648d8ffc7c875d0a81ecf9e4bb431c20b6c660416790c7c0fa589525a84cd79f4b1da45143fecc8adc

  • SSDEEP

    3072:WYuwM0iyK1koxKcPjLEBOo+DT8wu35V2wmG0IOUrzluEEHSgw:W/70eZE40wupVrdrAEBg

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b3113bf30b5269904f305b6a84c7e98_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8b3113bf30b5269904f305b6a84c7e98_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1512
    • C:\Windows\Inokua.exe
      C:\Windows\Inokua.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:2940

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Inokua.exe
    Filesize

    137KB

    MD5

    8b3113bf30b5269904f305b6a84c7e98

    SHA1

    85bfd612a7033fb51664e071ad6ffcbd9f53e0bf

    SHA256

    d35cbb64801236501b9440f8888c98b6b98965907e783b05c1208be38db63850

    SHA512

    c89d69aff773fd0cd49ee3de15e0bbfb3a2eac6a70f702648d8ffc7c875d0a81ecf9e4bb431c20b6c660416790c7c0fa589525a84cd79f4b1da45143fecc8adc

    Download Submit

  • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    Filesize

    372B

    MD5

    77fd68530d27848d1ae4cb4da2454f97

    SHA1

    f7ae850467a5909c5c4d6caf12b54d40f99d5d6c

    SHA256

    a1932c02d42c46bc2e91277fd4614dcab2e0349d9f0a8e7af98270dbd2121a82

    SHA512

    07a79166f510389c3a16b839cf8533beb8f75188ae18ee9270b06dc471295bd3fcc015d5e5439efd8d59544a3e6c4bd7109690371200b576edb1c097cbe686e3

    Download Submit

  • memory/1512-1-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1512-0-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1512-8-0x0000000002710000-0x000000000274B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1512-63030-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2940-9-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2940-10-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2940-63031-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2940-63033-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2940-63034-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2940-63035-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2940-63037-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2940-63038-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2940-63042-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download