Overview

overview

7

Static

static

3

a7267953da...18.exe

windows7-x64

7

a7267953da...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2024, 15:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a7267953dab714dbf56b6e451b14d424_JaffaCakes118.exe

  • Size

    352KB

  • MD5

    a7267953dab714dbf56b6e451b14d424

  • SHA1

    0058204f427f310af662cfaf99e3f146453b2f3a

  • SHA256

    ebb05cf10878e1caa017b3850780146d51d591e13ea18a2eb028c719b3dd1248

  • SHA512

    05fb8594eb069da09929597ed9439b8c8cc34bcb108f5d9fd60dead678c1839abe6c34ff74277cb162f21d7e1e995e53f1ff5913c5fa419949f5794639c38514

  • SSDEEP

    6144:PKwLo77p0yN90QE3QT93oV46wm1dSo06qSyINv:LLoay909QTCzdDh/ya

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Molebox Virtualization software 1 IoCs

    Detects file using Molebox Virtualization software.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7267953dab714dbf56b6e451b14d424_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a7267953dab714dbf56b6e451b14d424_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4440
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\44.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\44.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:636

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\44.exe
          Filesize

          206KB

          MD5

          425eaccb0fdfd358c8e6533ea6f7d206

          SHA1

          d14cc635f3a925bda078475c64468defbb8d01ad

          SHA256

          c6bd2897e989bf33873b03d32bc2660a89f2701e8ed9690e90e4685d2174dde4

          SHA512

          c996dc82810fcc3f04d9ff46026a593eb7e2ffce730e59e6c53e9945fc3fe50677c847c67defdfecbe2f911a51aeb4216e3ff77e78480cc3ca1f8ab1aa546d5c

          Download Submit

        • memory/636-5-0x0000000000520000-0x0000000000521000-memory.dmp

          Filesize

          4KB

          Download

        • memory/636-6-0x0000000000690000-0x00000000006DD000-memory.dmp

          Filesize

          308KB

          Download

        • memory/636-11-0x0000000002200000-0x0000000002210000-memory.dmp

          Filesize

          64KB

          Download

        • memory/636-10-0x0000000000BF0000-0x0000000000C00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/636-8-0x0000000000550000-0x0000000000560000-memory.dmp

          Filesize

          64KB

          Download

        • memory/636-9-0x00000000772F2000-0x00000000772F3000-memory.dmp

          Filesize

          4KB

          Download

        • memory/636-7-0x0000000002200000-0x0000000002210000-memory.dmp

          Filesize

          64KB

          Download

        • memory/636-12-0x0000000000C80000-0x0000000000CA1000-memory.dmp

          Filesize

          132KB

          Download

        • memory/636-13-0x0000000000690000-0x00000000006DD000-memory.dmp

          Filesize

          308KB

          Download