Overview

overview

7

Static

static

3

957e2bbc9f...18.exe

windows7-x64

7

957e2bbc9f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    35s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/08/2024, 09:22 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    957e2bbc9f7ee3830a56672b11250ee9_JaffaCakes118.exe

  • Size

    356KB

  • MD5

    957e2bbc9f7ee3830a56672b11250ee9

  • SHA1

    81ad26a50bb036c2d2f784a370b473da81410fd4

  • SHA256

    59702f378c665fedd87d3d98d652e83ba72b8c028fe5aef44233d83e009b123d

  • SHA512

    f807f3a24b48c858d767ba05c5c1549a75475ff01589bc6bf7bf9b9da968fac020c7dd3ac475a7074732fc37c56e6ffc148eb168d9278d2b15ea71220a31d5f2

  • SSDEEP

    6144:7vbx8Gv1pFM7UipZAViHo6YsU5Fi91EzGHsZUa:7Xv1Y7UUZAVj6JUbigGHct

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\957e2bbc9f7ee3830a56672b11250ee9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\957e2bbc9f7ee3830a56672b11250ee9_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Users\Admin\AppData\Local\Temp\957e2bbc9f7ee3830a56672b11250ee9_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\957e2bbc9f7ee3830a56672b11250ee9_JaffaCakes118.exe"
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:380
      • C:\ProgramData\5KcZLVE45lRShKjQ\9it8pVghqTUntd.exe
        "C:\ProgramData\5KcZLVE45lRShKjQ\9it8pVghqTUntd.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2784
        • C:\ProgramData\5KcZLVE45lRShKjQ\9it8pVghqTUntd.exe
          "C:\ProgramData\5KcZLVE45lRShKjQ\9it8pVghqTUntd.exe"
          4⤵
          • Deletes itself
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:580
          • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe
            "C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe" /i:580
            5⤵
              PID:1872
            • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe
              "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe" /i:580
              5⤵
                PID:2932

      Network

      • flag-us
        DNS
        c.g3log.com.br
        GoogleCrashHandler.exe
        Remote address:
        8.8.8.8:53
        Request
        c.g3log.com.br
        IN A
        Response
      No results found
      • 8.8.8.8:53
        c.g3log.com.br
        dns
        GoogleCrashHandler.exe
        60 B
         120 B
         1
        1

        DNS Request

        c.g3log.com.br

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\5KcZLVE45lRShKjQ\RCX98A7.tmp
        Filesize

        356KB

        MD5

        5dd33a0a117cc0b406db0db1a96abc73

        SHA1

        838d76f7fd03f4d02f3fa7c2e5c3441aef4920a0

        SHA256

        6c7d4501ae0ff167792f0e70d9a69f41dff6a052754cacca82af8913927bfa14

        SHA512

        e56ab47619f2ceb51984899bc4a12884bcf39d93aa7898f7be6131994350af4d7b32d20310c2d97a9cc1eed3791fc037f328a040101adca81d0cea55731fef1a

        Download Submit

      • \ProgramData\5KcZLVE45lRShKjQ\9it8pVghqTUntd.exe
        Filesize

        356KB

        MD5

        957e2bbc9f7ee3830a56672b11250ee9

        SHA1

        81ad26a50bb036c2d2f784a370b473da81410fd4

        SHA256

        59702f378c665fedd87d3d98d652e83ba72b8c028fe5aef44233d83e009b123d

        SHA512

        f807f3a24b48c858d767ba05c5c1549a75475ff01589bc6bf7bf9b9da968fac020c7dd3ac475a7074732fc37c56e6ffc148eb168d9278d2b15ea71220a31d5f2

        Download Submit

      • memory/380-7-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/380-3-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/380-1-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/380-10-0x0000000075D30000-0x0000000075E40000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/380-8-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/380-5-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/380-27-0x0000000075D30000-0x0000000075E40000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/380-25-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/580-39-0x0000000075D30000-0x0000000075E40000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/580-55-0x0000000075D30000-0x0000000075E40000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/580-51-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/1984-6-0x0000000000400000-0x0000000000464000-memory.dmp

        Filesize

        400KB

        Download

      • memory/1984-0-0x0000000075D41000-0x0000000075D42000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2784-36-0x0000000000400000-0x0000000000464000-memory.dmp

        Filesize

        400KB

        Download

      • memory/2932-46-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2932-52-0x0000000075D30000-0x0000000075E40000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2932-56-0x0000000075D30000-0x0000000075E40000-memory.dmp

        Filesize

        1.1MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.