Overview

overview

7

Static

static

3

a9aca9ea9c...18.exe

windows7-x64

7

a9aca9ea9c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-08-2024 04:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9aca9ea9c1aa885fc5663235ca33805_JaffaCakes118.exe

  • Size

    822KB

  • MD5

    a9aca9ea9c1aa885fc5663235ca33805

  • SHA1

    2ba15336843794ab3f76212adca6adbe033598b5

  • SHA256

    ca28038d6e52a4ab19f67c92215d87b73333f73c298f2525d69b69e0cecc477b

  • SHA512

    29d0bb6be9572c5cd2abdc6e18e9725b1ca980442781562cf98563806586f0cfe36f2f1fac1cfcea564060a573396095472ae458336433612d602aa8277013f9

  • SSDEEP

    12288:toWA01LVS9+Ai/rj2Vd7U4xY3sM901tXUxVHYxpI2dHeIvNnfpH4rFESMvtNLrPW:+V0bS913VCqisMCK+xF1uFsXAa

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9aca9ea9c1aa885fc5663235ca33805_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a9aca9ea9c1aa885fc5663235ca33805_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4004
    • C:\WINDOWS\SysWOW64\463218570.exe
      C:\WINDOWS\system32\463218570.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:5024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\463218570.exe
    Filesize

    363KB

    MD5

    d63504ff35208e743a9aa68ff2b2e196

    SHA1

    a2c8aea122f9162bd2e275193f626b33e3bec0e5

    SHA256

    34e6897e911ef4f41d9bf348d628e4811fbda00f966a91707ef07cebecf60a02

    SHA512

    bfc80f2662b80699a9e372887c0b76e1651528c750b88e87c69691b4c1aa2fb7f6ecab900d356a5203ead6eae3469d09bb48110c86e396516963468192c1d9c2

    Download Submit

  • memory/4004-0-0x0000000000690000-0x0000000000691000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4004-6-0x0000000000690000-0x0000000000691000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4004-7-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/5024-5-0x0000000000770000-0x0000000000771000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5024-8-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/5024-9-0x0000000000770000-0x0000000000771000-memory.dmp

    Filesize

    4KB

    Download