Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-08-2024 22:43

General

  • Target

    ace13326985fe81bd83ee84a5c8a69ef_JaffaCakes118.exe

  • Size

    15KB

  • MD5

    ace13326985fe81bd83ee84a5c8a69ef

  • SHA1

    69205da4c4657f43135ed8bf5c23a6ba3e84609c

  • SHA256

    5af9f7a2e23a5b5862d8d4b02ddde12f4c43ec43e403063776583bcf4435e7f4

  • SHA512

    9680d8034df83b732200af7efc7e8a21ec784cae0e87a8ed1e8b9fbfb9f316a52d8ca2bb36fb8fc433eb9768b0673b869f12bfa1f2a783ccbabff0cf54296baa

  • SSDEEP

    384:lNNMN0e0jD2qc2ob1ojGePUBQP61JpoF1SdGGOXeDiLPqEprciY:lNKl0vc2hV61JpoF1nrODiLPHrciY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ace13326985fe81bd83ee84a5c8a69ef_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ace13326985fe81bd83ee84a5c8a69ef_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c echo ping 127.1 -n 3 >nul 2>nul >c:\cd.bat&echo del "C:\Users\Admin\AppData\Local\Temp\ace13326985fe81bd83ee84a5c8a69ef_JaffaCakes118.exe">>c:\cd.bat&echo del c:\cd.bat>>c:\cd.bat&c:\cd.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:1056
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.1 -n 3
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:1948

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\cd.bat

    Filesize

    125B

    MD5

    4c4485c42a08a6728baf3b86be322cfc

    SHA1

    e4d7b148f1964d45aa0d1cb1040a6b14e0807cee

    SHA256

    116953b339997c148a18bd355b5fa10ea9e8401c5097de08a560fac12e0fa9d5

    SHA512

    f552e1c6ba12e7946e38f32dc4abfec1359e0740f57bbf2e50ff1ca82b58f444dd0a19138d32544083d919838c750f7ed15b261d5e4affd8507fc5491ba57b21