Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/08/2024, 13:33

General

  • Target

    8eeb282a68828c9689742dcb3a2fe057_JaffaCakes118.exe

  • Size

    584KB

  • MD5

    8eeb282a68828c9689742dcb3a2fe057

  • SHA1

    6c7e7a316dfcda2d9168ebe08947d0b2864254fa

  • SHA256

    c2d380fe568c45811f2c12712c466d415d6d067865c6ba62f846570c61ff67b2

  • SHA512

    274ef5f8535f21d53182293281a42255ca80571b665b38c55bda6f6e690aa46ea67c6ff01575a18986377e76523a4db61fcf1502810554101a6c6800be371ad8

  • SSDEEP

    12288:L+3YCbVqpKIR6octd/0eITp23UJlZccgT3YcuEPH:L3a84octsTp7fZyT3v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8eeb282a68828c9689742dcb3a2fe057_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8eeb282a68828c9689742dcb3a2fe057_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Program Files\Internet Explorer\task.exe
      "C:\Program Files\Internet Explorer\task.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2392
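
The process tree above is what the "Executes dropped EXE" and "Drops file in Program Files directory" signatures are derived from: PID 2584 writes task.exe under C:\Program Files\Internet Explorer\ and then spawns it as PID 2392. The following is an added example (not part of the sandbox report or the sandbox's own signature code) that re-derives both findings from a constructed event stream shaped like that tree. The record schema (event, pid, ppid, image, path), the directory lists and the notepad.exe control event are assumptions for this example, not a real sandbox or Sysmon format.

```python
"""Added example, not from the report: re-derive "Executes dropped EXE" and
"Drops file in Program Files / System32 directory" from a constructed event
stream mirroring the report's process tree (PID 2584 -> task.exe as PID 2392).
The event schema below is an assumption for this example, not a real log format.
"""
from pathlib import PureWindowsPath

# Constructed events, hand-written to match the report's process tree.
EVENTS = [
    {"event": "process_create", "pid": 2584, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\8eeb282a68828c9689742dcb3a2fe057_JaffaCakes118.exe"},
    {"event": "file_write", "pid": 2584,
     "path": r"C:\Program Files\Internet Explorer\task.exe"},
    {"event": "process_create", "pid": 2392, "ppid": 2584,
     "image": r"C:\Program Files\Internet Explorer\task.exe"},
    # Constructed benign control: a system binary nothing wrote during the run.
    {"event": "process_create", "pid": 3000, "ppid": 1000,
     "image": r"C:\Windows\System32\notepad.exe"},
]

# Assumed directory lists for this example; tune them to the target estate.
SENSITIVE_DIRS = (r"C:\Program Files", r"C:\Program Files (x86)", r"C:\Windows\System32")
USER_WRITABLE_MARKERS = (r"\appdata\local\temp", r"\downloads")


def norm(path: str) -> str:
    """Case-fold and normalise separators so lookups match the report's paths."""
    return str(PureWindowsPath(path)).lower()


def is_under(path: str, prefixes) -> bool:
    """True if path sits below one of the given directories (exact prefix + separator)."""
    p = norm(path)
    return any(p.startswith(norm(pre) + "\\") for pre in prefixes)


def is_ancestor(candidate: int, pid: int, parents: dict) -> bool:
    """Walk the parent chain of pid; True if candidate appears on it (cycle-safe)."""
    seen = set()
    while pid in parents and pid not in seen:
        seen.add(pid)
        pid = parents[pid]
        if pid == candidate:
            return True
    return False


def analyse(events):
    """Replay events in order; emit one finding per signature hit."""
    images = {}    # pid -> image path of that process
    parents = {}   # pid -> ppid
    dropped = {}   # normalised file path -> pid that first wrote it
    findings = []
    for ev in events:
        if ev["event"] == "file_write":
            dropped.setdefault(norm(ev["path"]), ev["pid"])
            writer = norm(images.get(ev["pid"], ""))
            # A process living in a user-writable location writing into a
            # privileged directory is the "drops file in ... directory" pattern.
            if is_under(ev["path"], SENSITIVE_DIRS) and any(m in writer for m in USER_WRITABLE_MARKERS):
                findings.append({"sig": "drops_file_in_sensitive_dir",
                                 "pid": ev["pid"], "path": ev["path"]})
        elif ev["event"] == "process_create":
            images[ev["pid"]] = ev["image"]
            parents[ev["pid"]] = ev["ppid"]
            img = norm(ev["image"])
            # Executing an image that was written earlier in the same run is the
            # "executes dropped EXE" pattern; record whether the dropper is an ancestor.
            if img in dropped:
                findings.append({"sig": "executes_dropped_exe", "pid": ev["pid"],
                                 "image": ev["image"], "dropper": dropped[img],
                                 "dropper_is_ancestor": is_ancestor(dropped[img], ev["pid"], parents)})
    return findings


if __name__ == "__main__":
    for f in analyse(EVENTS):
        print(f)
```

Note that the match is on the normalised image path, not on the file's hash: the dropped task.exe in this report has the same 584KB size as the parent but a different MD5, so size alone says nothing about whether it is a copy, and a path-based signature fires regardless. The `dropper_is_ancestor` flag separates the case shown here (parent writes, parent spawns) from one where an unrelated process later runs a file that some other process dropped.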

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Program Files\Internet Explorer\task.exe

    Filesize

    584KB

    MD5

    683fea891a0513ce6333c87647c9211b

    SHA1

    88bd5763bf346e4f7793f1bc5c002e9918101ae2

    SHA256

    de1d09b606130cf607da0ac6cdbddb432b3fabc0986a95cca1d71be2963c889b

    SHA512

    a48214802588183d6c77703af61b7aeded14b8ebf7116b901a5035b7dad05c3414f3ced0148c93dee5a5e845dc98b8e68931031d8fc6a61fa4d417f7172e47b8