Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-08-2024 22:42

General

  • Target

    b122a3a8578ecdf75a6343441e1e804d_JaffaCakes118.exe

  • Size

    39KB

  • MD5

    b122a3a8578ecdf75a6343441e1e804d

  • SHA1

    761e0c91c9bcfff977f0bc61b78d1a0278134868

  • SHA256

    89fa499b45546a9a9e71a5cafc9c743decc52dab52139ed0c08182a9f450cbbb

  • SHA512

    72a7c2e781359979051ea41ae5e3980c425e856e627c91a2cf59f7b99f1c91d2bb6ade0214a66238344d5a6e9718a093cadf6e69dea67a86506394eb661ad9bb

  • SSDEEP

    768:nM9DFuNKOXaT+Mo8GPM6vBLI+3TjmmxdmGQX6QugeVJp4zJ8Q:M9UNKOBtMc5/O2mGQXV2VJpwqQ

Malware Config

Signatures

  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 5 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Indicator Removal: Clear Persistence 1 TTPs 1 IoCs

    Removes IFEO.

  • Drops file in System32 directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b122a3a8578ecdf75a6343441e1e804d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b122a3a8578ecdf75a6343441e1e804d_JaffaCakes118.exe"
    1⤵
    • Event Triggered Execution: Image File Execution Options Injection
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\28sagl15.bat
      2⤵
      • Deletes itself
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2916
      • C:\Windows\SysWOW64\msinn.exe
        C:\Windows\system32\msinn.exe
        3⤵
        • Event Triggered Execution: Image File Execution Options Injection
        • Executes dropped EXE
        • Indicator Removal: Clear Persistence
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2884
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\28sagl15.bat
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\28sagl15.bat

    Filesize

    125B

    MD5

    5d92bcd578fa29f8bcd30fadfb593336

    SHA1

    b4d0915221fd51b94f4def70deeb536fe7eb3443

    SHA256

    49305dc9688744753552fb8aace4b2c6937800f16aff1315cd16d43f95654653

    SHA512

    7e053d8c0908eaadebdb8c65dca10a03299e58ebf53f4a4a66be228bdf5fe3b2588d6f5263d47338fbffa93b13fc071af0bed22af486744077efc58debe8be50

  • C:\Users\Admin\AppData\Local\Temp\28sagl15.bat

    Filesize

    235B

    MD5

    fe795b84c3858861962157defb3d2906

    SHA1

    73753809018b1e7c34d04dfedb8f8ed7437ff9aa

    SHA256

    1a98594d9307db72bdf02280ebdb8d8d6e075c8b8f5642c424ba3ced6f218692

    SHA512

    5f8c776b78ba643e4b5cdbc4baa4756b387959f0485ce6d9f08a911618afd7d4a0e27b3b6fc1c063364d20b310ce504bc0dfafa07abf8778cc0b19e53ea1adc5

  • C:\Windows\SysWOW64\msinn.exe

    Filesize

    39KB

    MD5

    b122a3a8578ecdf75a6343441e1e804d

    SHA1

    761e0c91c9bcfff977f0bc61b78d1a0278134868

    SHA256

    89fa499b45546a9a9e71a5cafc9c743decc52dab52139ed0c08182a9f450cbbb

    SHA512

    72a7c2e781359979051ea41ae5e3980c425e856e627c91a2cf59f7b99f1c91d2bb6ade0214a66238344d5a6e9718a093cadf6e69dea67a86506394eb661ad9bb