Analysis
-
max time kernel
139s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
11-08-2024 19:22
General
-
Target
8ba753e45133f4895aaa2d1989798e37_JaffaCakes118.exe
-
Size
138KB
-
MD5
8ba753e45133f4895aaa2d1989798e37
-
SHA1
bb68a0578decbf5ff9ce4ba2dda7bcf97fb1c0d8
-
SHA256
9e75d4a007088a84fe9d93ef6d96b2e7a56baf91b46eaa990dfe3beed4d986f3
-
SHA512
d0f365d2be55d27ba66e588374e198dd3ff0db9349b7f93c2d6f731ee6fab9cede90da9804f7d49010770787085b71ef1453aeb75287f7746244bfcafee746d2
-
SSDEEP
1536:F4Hbo2hEK8S3L5GtEW50n+Sv+UqdLiFmf+II4n954M9IYCsQrSt7tcWBQ:F47opK8Shjd+ndLiFsRI49zqY117tt
Malware Config
Signatures
-
Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8ba753e45133f4895aaa2d1989798e37_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8ba753e45133f4895aaa2d1989798e37_JaffaCakes118.exe"1⤵
- Server Software Component: Terminal Services DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
720B
MD5a2beaefdad2e2f8d653991aaf816085a
SHA13d278964eba2d54894c2f656a065e90ddf264d24
SHA2560b49821f54694d81afd3c697d1257747e027c924b734682907ef3d26fe091198
SHA512d25f674829b904dfdf9f88ce021af680cd8bd3140c4d1a5ac0f6e495c7690bc3a9478931384e4b6a44a78f43abbb14bfefee97920535e694180162f4adec1b68
-
Filesize
138KB
MD516daf783dfbd346aa675805bd1bfe040
SHA10be6cb502fe7e65dac944793b230300c45f096ea
SHA25643211eaf611b2b01bcb3808997fa936bcd24bbd4cebea2c23933a965b7eddb72
SHA512b5d661979146444075070a8914b3cdff5f6b55c833159e0552408c3f9ec4b82bba5f99ddd29680ddf963ab25d9f736e27b5791baef7f2079a8be3d4b4874f626
-
Filesize
152KB
-
Filesize
152KB
-
Filesize
152KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
152KB