Overview

overview

7

Static

static

7

ac24f06fdf...18.exe

windows7-x64

7

ac24f06fdf...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    17s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    19-08-2024 18:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac24f06fdf5a5e7ed478418597a2d5cb_JaffaCakes118.exe

  • Size

    926KB

  • MD5

    ac24f06fdf5a5e7ed478418597a2d5cb

  • SHA1

    d5723c93d9f65354cdf9764acd9db24107e1143a

  • SHA256

    643d6b1cba1081fa333d4e667fd52f920a8dbe6a1d817744bdc4ee39ebab99a5

  • SHA512

    cfe04ba4a12a295e0f1fc560bf0db82ba856c3fad40a8b4c4cd5a5601be58ba3a94e46e04f40d2f26b99d44b722b30f4a623f09d7a7d3d251b15e0170b5d72e6

  • SSDEEP

    24576:khq0hpEG0w9kDzALzbr5/MGYkDOHM9rflhJ+1kX:SK8yDAvh7YkiM9rp+1G

Score
7/10
discoveryupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac24f06fdf5a5e7ed478418597a2d5cb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ac24f06fdf5a5e7ed478418597a2d5cb_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /C C:\Users\Admin\AppData\Local\Temp\SastikDelete.bat "C:\Users\Admin\AppData\Local\Temp\ac24f06fdf5a5e7ed478418597a2d5cb_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Windows\SysWOW64\attrib.exe
        attrib -S -H "C:\Users\Admin\AppData\Local\Temp\ac24f06fdf5a5e7ed478418597a2d5cb_JaffaCakes118.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        • Views/modifies file attributes
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\SastikDelete.bat
    Filesize

    69B

    MD5

    fde1e0bed53bf0b390feb49994053ebd

    SHA1

    1851270c437e97a21bd78cfb65f67c67f517e381

    SHA256

    e35592b76193c5483ab2bfd14b73e062b907512bb0b99fdac7030f37b7341745

    SHA512

    48fccfeb4454f803accfd02df260188cdd9a371fe44274a4dbb535bc8616276d02c5b8eff3ed8fa5c36b8347f97992df68e5add6c9b1749bb6d6611786541fae

    Download Submit

  • memory/2916-0-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2916-24-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download