Overview

overview

7

Static

static

7

a835422db7...18.exe

windows7-x64

7

a835422db7...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    73s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2024, 21:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a835422db73bd9fb6c427afac47d596f_JaffaCakes118.exe

  • Size

    284KB

  • MD5

    a835422db73bd9fb6c427afac47d596f

  • SHA1

    bd263170726b57320f0ddda1723dd11600b6ab02

  • SHA256

    fff0290e60052f5dc8fd647c85ea36da0f1bd11d38a948460022d1b98baf5890

  • SHA512

    e889bf6a36eddc9400e91de3a809f910ae505f08bf675794895bf8337d323a6dcf660c845d2ac252b229c846a3e2bda186a146140f6f4f358c7dbd217c01d4ab

  • SSDEEP

    6144:jCbwGiXbFc/MqJ+u/8S0VJG7xwvlbs1J/kJT2sVr2utPh7TbE0QiwLj:GbKBc5l/bIv+1xkZ20xhvbJfwLj

Score
7/10
discoveryupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 37 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a835422db73bd9fb6c427afac47d596f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a835422db73bd9fb6c427afac47d596f_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\Delete.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2792
  • C:\Windows\systemstups.exe
    C:\Windows\systemstups.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2900
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2224
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x188
      1⤵
        PID:2892

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Windows\Delete.bat
              Filesize

              214B

              MD5

              fcc6e8bb6d7948650a3d9aa79337977d

              SHA1

              17d3295210980158673521af9460d7ee4271624e

              SHA256

              0b695b1547ce48a665b759b92bf62f4cdae804853f758891bf0239169f7f5f06

              SHA512

              b77b788f298ff735c9face804a636bc0f92ee53ee5556e63fd9092fbef1f3547a0fd07f387c3ea828e64cdfa825942c9ab8bbd0c8ec318f03a6455c6c3df6766

              Download Submit

            • C:\Windows\systemstups.exe
              Filesize

              284KB

              MD5

              a835422db73bd9fb6c427afac47d596f

              SHA1

              bd263170726b57320f0ddda1723dd11600b6ab02

              SHA256

              fff0290e60052f5dc8fd647c85ea36da0f1bd11d38a948460022d1b98baf5890

              SHA512

              e889bf6a36eddc9400e91de3a809f910ae505f08bf675794895bf8337d323a6dcf660c845d2ac252b229c846a3e2bda186a146140f6f4f358c7dbd217c01d4ab

              Download Submit

            • memory/2120-0-0x0000000000400000-0x00000000004B4000-memory.dmp

              Filesize

              720KB

              Download

            • memory/2120-3-0x00000000001D0000-0x00000000001D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2120-15-0x0000000000400000-0x00000000004B4000-memory.dmp

              Filesize

              720KB

              Download

            • memory/2900-5-0x0000000000240000-0x0000000000241000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2900-17-0x0000000000400000-0x00000000004B4000-memory.dmp

              Filesize

              720KB

              Download

            • memory/2900-19-0x0000000000240000-0x0000000000241000-memory.dmp

              Filesize

              4KB

              Download