Overview

overview

7

Static

static

3

a0ddd0f176...18.exe

windows7-x64

7

a0ddd0f176...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    17-08-2024 02:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0ddd0f176edbaefcec64c0402c8b44f_JaffaCakes118.exe

  • Size

    384KB

  • MD5

    a0ddd0f176edbaefcec64c0402c8b44f

  • SHA1

    a4d231f97c444285d7f78feb3a04d81e6a80c7b9

  • SHA256

    92308efe1fc026148aad59db9055360c9c487d628daaff7e856cf2b2d154bf2a

  • SHA512

    402198f2929895d788dcf19c233abee4148362855d30e536552a33fcb00cfaace2afeee24a9c1d5a16d676fefc43501a84f4256ecc5573c76b983db6b092c10a

  • SSDEEP

    6144:d1WDKhasZAhpsereuegftOsvO6BbCViCLmVBZslF+v8VAymrpXWuazt2:zrBZAhplAg1Pv9uPLmV3slFa82yEVW

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0ddd0f176edbaefcec64c0402c8b44f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a0ddd0f176edbaefcec64c0402c8b44f_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2496
    • C:\ProgramData\gC01803GnNkL01803\gC01803GnNkL01803.exe
      "C:\ProgramData\gC01803GnNkL01803\gC01803GnNkL01803.exe" "C:\Users\Admin\AppData\Local\Temp\a0ddd0f176edbaefcec64c0402c8b44f_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2820

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\gC01803GnNkL01803\gC01803GnNkL01803
    Filesize

    192B

    MD5

    6fbe74a87c0bad607b6dd35aa9600557

    SHA1

    a6d0de7580d5b8f316755f21581a331afeb951dd

    SHA256

    f155179f3b9a83d4a47df940b1afc85b09fe8b064bd47a13d469d41225e37658

    SHA512

    93eaaf8c456033a96b9dce793e868b48370073edf74a8848fb547aee897b4693fc0ef9c75862271f37eacff1875b3b53abcc803b101174810359ebf55c4a64d1

    Download Submit

  • \ProgramData\gC01803GnNkL01803\gC01803GnNkL01803.exe
    Filesize

    384KB

    MD5

    25d7554afc5e15727ae543a8206da46b

    SHA1

    66c9f335d35cd85c9eba7744d2190e89fd7cb29d

    SHA256

    0435d5d72481caeaadabe53513917f0d85d82dc068960f5c140266118ac768ad

    SHA512

    13e22854e61db8e1945138f2fb396c958e8831b7a715c61c324ee7d70612188dcdd6ceb7cc12e562e27e1c9cfa78c14dea8743a6cf1bac037eca72bffaf624b4

    Download Submit

  • memory/2496-0-0x0000000000230000-0x0000000000232000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2496-3-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/2496-18-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/2820-19-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/2820-25-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/2820-29-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/2820-38-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download