Overview

overview

7

Static

static

3

a92803c0b2...18.exe

windows7-x64

7

a92803c0b2...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 02:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a92803c0b24d5d737e3f9ba283eba870_JaffaCakes118.exe

  • Size

    2.0MB

  • MD5

    a92803c0b24d5d737e3f9ba283eba870

  • SHA1

    22febe87f747717f7cb9acc138611603e4d31293

  • SHA256

    d0a4fdfe2b8c1b73c2b91ab34be69589aba44d9f4c76f98ddc269776fabcf1af

  • SHA512

    3126a1acd1e2b4817139d90a7cb62dc5f5a8cbdb4f95ad6bddb0c5bb7ce82688bb36d6f11c14fa37ad825b55e889eb9351da92fd724d7873d3c380e2e0a56f23

  • SSDEEP

    24576:/059Its8fzBuRNfLC+wf0Zl+s3UiR/DvGnvUGfyOHgbp/5t6yhJXtK8:/Qe0RZEf0Zks3UipDvGnvRboH6L8

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a92803c0b24d5d737e3f9ba283eba870_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a92803c0b24d5d737e3f9ba283eba870_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4464

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\C6EA.tmp
          Filesize

          415B

          MD5

          633591008d34d213ae23ac67a4b2eb6b

          SHA1

          ea61c94a88113b81242c863810c34d4ed2530f93

          SHA256

          5425e289758dbe0bac10fc42c1bd848246b158137f2069a78a6197ceb1296142

          SHA512

          941dadcce713cf3b542d733ecfe7b9c63851b05dd717b3bb5e2944f0b1daa189c9bd7c245e4706c5ad28befa177fab376c6a60ae45fa925e4a25e400965ce6c7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\temp01.dll
          Filesize

          44KB

          MD5

          142b83e39f48b2af064dacab3ecce059

          SHA1

          760488b306ba573d8b19791b45fa470534b2e02d

          SHA256

          65c3fe96c3f6d297f7b4a3b82afd072b32096cd218c02c8d2f40293be15e45bb

          SHA512

          992c399d9f45b3d05cdb0dffdae24721763b18abe0b0ae2ffd130b40ff3dc7b6d19a22a3a09380d84fe5d406d6164562c9051148bf3d2e790a3a4fde897d765d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\twbjkg.dll
          Filesize

          60KB

          MD5

          b46a277054a58d119d72af954bafe427

          SHA1

          521212f5e3b5de55d9faa68a407b3711dc2c6de2

          SHA256

          f0cdb5444f2a984d847600a6f622611ad468a7a344d31b57770e18ba0c817c47

          SHA512

          1ebcbeb82150f447202433571443c01389e3e85e6f733fe66be3ad76abdb984b8222b6f94e3feb8d322b4b481c89400edd534cf07bf4919eeff5696f0e1fb514

          Download Submit

        • memory/4464-71-0x0000000000400000-0x00000000005DF000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4464-72-0x0000000000400000-0x00000000005DF000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4464-73-0x0000000000400000-0x00000000005DF000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4464-74-0x0000000000400000-0x00000000005DF000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4464-75-0x0000000000400000-0x00000000005DF000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4464-76-0x0000000000400000-0x00000000005DF000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4464-77-0x0000000000400000-0x00000000005DF000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4464-78-0x0000000000400000-0x00000000005DF000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4464-90-0x0000000000400000-0x00000000005DF000-memory.dmp

          Filesize

          1.9MB

          Download