Overview

overview

8

Static

static

7

940f22e765...18.dll

windows7-x64

8

940f22e765...18.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13/08/2024, 17:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    940f22e7652e5764855338853df25cba_JaffaCakes118.dll

  • Size

    60KB

  • MD5

    940f22e7652e5764855338853df25cba

  • SHA1

    33d25c8cd0db2bcf3e44cbc7dd24ca850d1a98fe

  • SHA256

    1a8fdb85a62c607337f624d8fe6eefdde8f01b37ca5833effa2fcb82f64bbb60

  • SHA512

    c1b88f25c1504dbeada407ab53bb400eabfb742ca0255b3daf6a668649b5cd6fc44d015b399bb96331be0b6e5e893ef5c277b1f91daa09810497f9b216afd886

  • SSDEEP

    1536:Mv/qF/UyvlerQL6Hh5s/9Pc7tiaCz0HbvuMbN6hj:MvSEMUK1jz8zUhj

Score
8/10
discoveryupx

Malware Config

Signatures

  • Drops file in Drivers directory 4 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 9 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: LoadsDriver 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\940f22e7652e5764855338853df25cba_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\940f22e7652e5764855338853df25cba_JaffaCakes118.dll,#1
      2⤵
      • Drops file in Drivers directory
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:2708

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\drivers\ahnsvr.sys
          Filesize

          17KB

          MD5

          c14d73d00e2690e73cd2e7f33c2ec9a6

          SHA1

          fc47b93979ad891006de5086b918d5f68cb73def

          SHA256

          d5723778b4e46ceaca73a5e38f4a0a375916628f481cd177945f263fc8d5e6a4

          SHA512

          322fe55bd21bb9ff2f9bb1b9911b076a38b5c6c1f795758ce84bd9b983af9171fb6ef030f68b030f97e509896603be906c56605d45023adbda5ce426fb022c2c

          Download Submit

        • C:\Windows\SysWOW64\drivers\ntfsny.sys
          Filesize

          23KB

          MD5

          5488e72d9e44bec526ba0c604b356932

          SHA1

          2b2e1ec0811d69de56e2d48103a3149a394adcf5

          SHA256

          2855ca077b3af72b125c40c9cdae7488437ff983b1ce9a12ab122e3715ef7fc6

          SHA512

          98bfb0dd9cec21a3973df0c255f3d8f0964086fc4adfe80b5cda623347aa8f495d36e18f54df743e05b6fdb14386f74fec03ef9e4523a91a83a38acdab0797a2

          Download Submit

        • C:\Windows\Tasks\ahnsvr.dat
          Filesize

          17KB

          MD5

          28a81e0787218faa7cd2555c59528d90

          SHA1

          0dca60f701d694bd267c71665d3b20826d0b8a68

          SHA256

          3698fb1ccd6adca47a075368b808c60ef7e7e1dad7d8f02178d06b9873c9472d

          SHA512

          4ffc31bc2c698fabc3103f94323bd061b3e57d0e25528d4fcf51922b08ce9fdabc4738cd5543ffb8d03abdb1870ba455a0112e732b7f86ff6945ad299ab5573a

          Download Submit

        • C:\Windows\Tasks\midisappe.dat
          Filesize

          60KB

          MD5

          5bd7bb92af599703c774822cca80b7c8

          SHA1

          4b0d404dff67315ab3df976cce6aaf648a41ace3

          SHA256

          8722d5d0c34b4950ae205c5b59772a5f96b83e3bf258070790d6020e47dfd03b

          SHA512

          a3e19b852b534b0eecae13281b7498f6c39e3221dc924fc4d4614d04663d24bc84858c7f28277bb9fded3e894047c2f6f39ceb75bcad722f5a1ddf8240a9a49f

          Download Submit

        • C:\Windows\Tasks\ntfsny.dat
          Filesize

          23KB

          MD5

          29543fa2aae9e2c6fda45f1a20239fc1

          SHA1

          781debbcbfc8476fca8fb71a04501e9a46d0a184

          SHA256

          dfaec4a80ad2a370724c50ca5e1b285cbcd4444ae25db93c0218fc7f0ffda466

          SHA512

          cdb18caa520abffe6fdf6b2b6d631d48e5d0f1958b3f83de2571d22e15d0bbe3bd3a415cade0fba44c0dcfd5aa46ae5b4815232488d8a6d768ac0a6befdffb2c

          Download Submit

        • C:\Windows\ver.dat
          Filesize

          3B

          MD5

          5b69b9cb83065d403869739ae7f0995e

          SHA1

          2c9a62c3748f484690d547c0d707aededf04fbd2

          SHA256

          1158e7e12c5e7362318e5e3c2e1f2f1ab49578ab1d1691e9818a7c3f6b30b528

          SHA512

          3d32b8820cdcb5df4d4044a01f8dcc2aece48fae99398ddb3914b27c8f528ba7f6660a2c7f616e6b3c8ba4faf2d4c930bbc918c49070f5ea5076c345f0f2a22f

          Download Submit

        • memory/2708-0-0x0000000010000000-0x0000000010035000-memory.dmp

          Filesize

          212KB

          Download

        • memory/2708-19-0x0000000010000000-0x0000000010035000-memory.dmp

          Filesize

          212KB

          Download

        • memory/2708-6-0x0000000010000000-0x0000000010035000-memory.dmp

          Filesize

          212KB

          Download