Overview

overview

7

Static

static

7

94089a0907...18.exe

windows7-x64

7

94089a0907...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/08/2024, 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    94089a0907ee023a99d414ee9312d176_JaffaCakes118.exe

  • Size

    28KB

  • MD5

    94089a0907ee023a99d414ee9312d176

  • SHA1

    d41583770e0ac8d00eaf4f0ba65803324f4c912e

  • SHA256

    b88c8d715fc982a5f113cc802f76dfcccdb824c2c6c4e22f88f9395d1522d4c1

  • SHA512

    b3e0c39eb604d56e00322c9905c90bdf9fafaf356518186d1642b0a574ff39d16c79be0b3f9932e4d5cfc08c4d5442c4837fab895d53a1087f015c89b1bf634e

  • SSDEEP

    384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNllPVs:Dv8IRRdsxq1DjJcqfAVs

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94089a0907ee023a99d414ee9312d176_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\94089a0907ee023a99d414ee9312d176_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2868

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpDF4A.tmp
    Filesize

    28KB

    MD5

    d33aa99c8e1268bc32faf8659cfd47a1

    SHA1

    a4e254e5ce000f7bdf5e553a16438708fa0ff5a3

    SHA256

    83c657f640b36f72aa1c6a0ae74d559f5c5f946fc88aaf99125c56e918f7460b

    SHA512

    023698539c0d7224fbcf9c08b9929c09975a686d2517c86f68d69a1e6efa432b88d45c49c4c6292a860b10b097eb27619c879150328705e75b0017c4f0b4cd70

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    1KB

    MD5

    003401c7d89a922889a5f248df491a1e

    SHA1

    70749a62f1a1ae818d758c671ea88d1086ed2661

    SHA256

    596102e929740528347153f27c8bad9ed9b48d7f44562d96f3b99ef33fc3b90b

    SHA512

    2265747b6372af947621ea6a2539986dfbf7b6c9dc74dd274023d2ccd032e9d15cc3a0a59695609c03bbf85d3e2ec0930dc36012788a77cf6413608df8f34834

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/2868-41-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-51-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-17-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-22-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-27-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-29-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-34-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-39-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-86-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-81-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-46-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-79-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-10-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2868-70-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2876-69-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2876-73-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2876-0-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2876-16-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2876-78-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2876-45-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2876-85-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2876-4-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

    Download