Analysis

  • max time kernel
    150s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/08/2024, 07:29 UTC

General

  • Target

    8dda959a31cf488e2d16387a66d0fa21_JaffaCakes118.exe

  • Size

    501KB

  • MD5

    8dda959a31cf488e2d16387a66d0fa21

  • SHA1

    34fc80f83849b098793dd39957c1037d1889b8b6

  • SHA256

    5ac6149603c65c1c5153c72f39711d64b6a03b772a7e068662dff4db1171791e

  • SHA512

    6d870145e82c0a6cbac8e9f32c9e99744c03c7d1ab72bde8a30311b8245dc721c7c78777aec7c941d5f747b218586d401e3013a93c6e0eb11b5ce3199fb2da3d

  • SSDEEP

    12288:vHFw56UzwZdXSS/Sf2tWG3jiwu/GW+aX5uET6aUzWhLskc7SFu6:vtUzq7XjxoTTmzEBq

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
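The "UPX packed file" signature above is worth reproducing by hand, because the cheapest UPX check (section names in the PE section table) is also the easiest one for a "modified UPX" build to defeat. The following is an added example, not output from the sandbox or code from the sample: it parses the section table of a PE, flags stock UPX section names, computes the same hash set the report lists (MD5, SHA1, SHA256, SHA512) so a local copy can be compared against the IoCs, and parses the report's memory-dump names to show the second piece of evidence a packer leaves: the mapped image (788KB and 828KB in the dumps) is far larger than the 501KB file on disk. `build_minimal_pe` is a constructed header-only fixture for testing; the 1.25 growth threshold is an arbitrary assumption.

```python
import hashlib
import re
import struct

# Section names stock UPX writes into a packed PE. A renamed-section UPX build
# will not match these, so treat a hit as an indicator, not proof of packing.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if the headers do not parse."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size                     # section table follows the optional header
    names = []
    for i in range(nsections):
        off = table + i * 40                                 # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))        # Name is the first 8 bytes
    return names


def is_upx_packed(data: bytes) -> bool:
    return any(n in UPX_SECTION_NAMES for n in pe_section_names(data))


def file_hashes(data: bytes) -> dict:
    """Same digest set the report lists, for comparing a local copy against the IoCs."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


# Dump names in the report look like memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def mapped_image_size(dump_name: str) -> tuple:
    """Parse a sandbox memory dump name into (pid, base_address, size_in_bytes)."""
    m = DUMP_NAME.fullmatch(dump_name)
    if not m:
        raise ValueError(f"unrecognised dump name: {dump_name}")
    pid, start, end = int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)
    return pid, start, end - start


def unpacks_in_memory(disk_size: int, dump_name: str, min_ratio: float = 1.25) -> bool:
    """True when the mapped image is markedly larger than the file on disk (assumed threshold)."""
    _, _, mapped = mapped_image_size(dump_name)
    return mapped >= disk_size * min_ratio


def build_minimal_pe(section_names) -> bytes:
    """Constructed test fixture: a header-only PE32 carrying the given section names."""
    names = [n.encode() if isinstance(n, str) else n for n in section_names]
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # 64-byte DOS header
    opt_size = 0xE0                                                   # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)     # magic PE32, rest zeroed
    sections = b"".join(
        n.ljust(8, b"\0")[:8]
        + struct.pack("<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(names)
    )
    return dos + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    sample = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(sample), "upx:", is_upx_packed(sample))
    print("sha256:", file_hashes(sample)["sha256"])
    for dump in ("memory/2268-1-0x0000000000400000-0x00000000004C5000-memory.dmp",
                 "memory/2268-2-0x0000000000400000-0x00000000004CF000-memory.dmp"):
        print(dump, "grows past 501KB on disk:", unpacks_in_memory(501 * 1024, dump))
```

Two observations from the report itself fit this check: the dropped `kF42900FmOpD42900.exe` has the same 501KB size as the submitted file but a different MD5/SHA256, so the copy in ProgramData is not byte-identical to the original; and both PIDs map the image at 0x400000 with sizes (0xC5000 and 0xCF000) well above the on-disk size, which is the in-memory growth a packer stub produces. Section-name matching alone would miss a build that renames UPX0/UPX1, so keep the size-growth and entropy-style checks alongside it.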

Processes

  • C:\Users\Admin\AppData\Local\Temp\8dda959a31cf488e2d16387a66d0fa21_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8dda959a31cf488e2d16387a66d0fa21_JaffaCakes118.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\ProgramData\kF42900FmOpD42900\kF42900FmOpD42900.exe
      "C:\ProgramData\kF42900FmOpD42900\kF42900FmOpD42900.exe" "C:\Users\Admin\AppData\Local\Temp\8dda959a31cf488e2d16387a66d0fa21_JaffaCakes118.exe"
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2564
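The process tree carries the behaviour a detection rule should key on: the submitted file spawns a copy of itself from a self-named, random-looking directory under C:\ProgramData, passes its own path as the child's only argument, and the child is the process tagged "Deletes itself" and "Adds Run key". Handing the original path to the child is consistent with the dropped copy removing the original after the parent exits (the report shows the signature, not the mechanism). The following is an added example, not the sandbox's detection logic: it runs three checks over constructed Sysmon-style process-creation events built from the tree. The parent of PID 2268 and the benign control event are assumed, and the "random name" regex is a heuristic chosen here.

```python
import ntpath
import re

# Constructed events modelled on the report's process tree (Sysmon Event ID 1 style
# fields). The parent of PID 2268 and the benign control (PID 3100) are assumed.
EVENTS = [
    {
        "pid": 2268,
        "image": r"C:\Users\Admin\AppData\Local\Temp\8dda959a31cf488e2d16387a66d0fa21_JaffaCakes118.exe",
        "command_line": r'"C:\Users\Admin\AppData\Local\Temp\8dda959a31cf488e2d16387a66d0fa21_JaffaCakes118.exe"',
        "parent_image": r"C:\Windows\explorer.exe",
    },
    {
        "pid": 2564,
        "image": r"C:\ProgramData\kF42900FmOpD42900\kF42900FmOpD42900.exe",
        "command_line": r'"C:\ProgramData\kF42900FmOpD42900\kF42900FmOpD42900.exe" '
                        r'"C:\Users\Admin\AppData\Local\Temp\8dda959a31cf488e2d16387a66d0fa21_JaffaCakes118.exe"',
        "parent_image": r"C:\Users\Admin\AppData\Local\Temp\8dda959a31cf488e2d16387a66d0fa21_JaffaCakes118.exe",
    },
    {   # benign control: a service-launched updater in ProgramData with an ordinary switch
        "pid": 3100,
        "image": r"C:\ProgramData\Vendor\bin\updater.exe",
        "command_line": r'"C:\ProgramData\Vendor\bin\updater.exe" /silent',
        "parent_image": r"C:\Windows\System32\svchost.exe",
    },
]

# Heuristic: 12+ alphanumerics mixing upper case, lower case and at least three digits.
RANDOM_NAME = re.compile(r"^(?=.*\d.*\d.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{12,}$")


def split_command_line(cmdline: str) -> list:
    """Minimal Windows-style argv split: whitespace separates, double quotes group.
    Backslash escaping of quotes is not handled; enough for the paths seen here."""
    args, cur, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def under(path: str, prefix: str) -> bool:
    return ntpath.normcase(path).startswith(ntpath.normcase(prefix))


def self_named_random_programdata_dir(image: str) -> bool:
    """C:\\ProgramData\\<X>\\<X>.exe where X looks machine-generated."""
    if not under(image, "C:\\ProgramData\\"):
        return False
    head, tail = ntpath.split(image)
    stem, _ = ntpath.splitext(tail)
    return ntpath.basename(head).lower() == stem.lower() and bool(RANDOM_NAME.match(stem))


def argv_points_at_parent(ev: dict) -> bool:
    """Child was started with its parent's own image path as an argument."""
    args = split_command_line(ev["command_line"])[1:]
    return any(ntpath.normcase(a) == ntpath.normcase(ev["parent_image"]) for a in args)


def parent_in_user_temp(ev: dict) -> bool:
    return "\\appdata\\local\\temp\\" in ntpath.normcase(ev["parent_image"])


INDICATORS = {
    "self_named_random_programdata_dir": lambda ev: self_named_random_programdata_dir(ev["image"]),
    "argv_points_at_parent_image": argv_points_at_parent,
    "parent_in_user_temp": parent_in_user_temp,
}


def indicators_for(ev: dict) -> list:
    return [name for name, check in INDICATORS.items() if check(ev)]


def triage(events, min_hits: int = 2) -> dict:
    """Return {pid: [indicator names]} for events matching at least min_hits checks."""
    out = {}
    for ev in events:
        hits = indicators_for(ev)
        if len(hits) >= min_hits:
            out[ev["pid"]] = hits
    return out


if __name__ == "__main__":
    for pid, hits in triage(EVENTS).items():
        print(pid, hits)
```

Requiring two of the three indicators keeps a lone ProgramData executable (common for legitimate updaters) from firing; PID 2564 matches all three. The report also states that 2564 adds a Run key and modifies Internet Explorer settings but does not show the key, value name or data, so those are left out here rather than guessed; when registry events are available, the same path under C:\ProgramData\<random>\ appearing as Run value data is the natural fourth check.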

Network

  • 86.55.210.118:80
    kF42900FmOpD42900.exe
    152 B
    3
  • 86.55.210.118:80
    kF42900FmOpD42900.exe
    152 B
    3

MITRE ATT&CK Enterprise v15


Downloads

  • C:\ProgramData\kF42900FmOpD42900\kF42900FmOpD42900

    Filesize

    192B

    MD5

    1b43da0d70555d5e36394de4b99f708c

    SHA1

    0391a72870dc854cccfa7a01300d755a8ca41180

    SHA256

    4f80a28aa34bdf5c7684da4ef73a34d1c314a527115eceabc6188f458e19702c

    SHA512

    16fe29d3cfd31e42ec9f4335cc870c7d64ca02a04ca7ed0e4917d86801300facfaae604cdc50681dceb4e1013e7fcae6a86beb042262ac70cf92a8d032ea18ce

  • \ProgramData\kF42900FmOpD42900\kF42900FmOpD42900.exe

    Filesize

    501KB

    MD5

    83d73d077910927252c6321d49d3b803

    SHA1

    428880cf68d4b740e1c046eb716aa7ed51b8f349

    SHA256

    07bdfb8302bcff1e88ea99236f414caac9f2003c94550967f9ca60f05599e470

    SHA512

    f623e056fe82a02148f676caa34fb9573b8541f9dc4c26335c2ac96f62d80c3e7edd0c549fdcf0b9deae7a72c1dc454180233c826090ab7b36ac9a38174af667

  • memory/2268-2-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

  • memory/2268-1-0x0000000000400000-0x00000000004C5000-memory.dmp

    Filesize

    788KB

  • memory/2268-19-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

  • memory/2268-18-0x0000000000400000-0x00000000004C5000-memory.dmp

    Filesize

    788KB

  • memory/2564-23-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

  • memory/2564-22-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

  • memory/2564-32-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

  • memory/2564-41-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB
