Overview

overview

7

Static

static

3

aeb805ea2d...18.exe

windows7-x64

7

aeb805ea2d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2024, 09:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aeb805ea2d57f2f9f49fa8ab1807ffda_JaffaCakes118.exe

  • Size

    3.2MB

  • MD5

    aeb805ea2d57f2f9f49fa8ab1807ffda

  • SHA1

    d7344ba880c2f83a8e9c347f8d4c107e4d94088c

  • SHA256

    ec6f978e3825a28ffa1eeb50033da12f34cbe46c6629728a51a562aa13a996a8

  • SHA512

    e77be5d47ccab956243947b9f38c174c4c128c2ded0f85e25babd365c670d7a5b04bec8ca9295b398bd14313bfade994d908c77c7f697ef2a3298604fde7d1d4

  • SSDEEP

    49152:shPg95YC1yRr5R+jzA66ymAu1Rx48D9d5VGoemc6RdYdW9HuRs7fg9FLuWV355Fx:ggXt1yRr8zA6POQ149HuRs7fgno

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops autorun.inf file 1 TTPs 4 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aeb805ea2d57f2f9f49fa8ab1807ffda_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\aeb805ea2d57f2f9f49fa8ab1807ffda_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4860
    • C:\Users\Admin\AppData\Roaming\taskhost.exe
      C:\Users\Admin\AppData\Roaming\taskhost.exe
      2⤵
      • Executes dropped EXE
      • Drops autorun.inf file
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3472
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /A /C "cmd.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4684
        • C:\Windows\SysWOW64\cmd.exe
          cmd.exe
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\taskhost.exe
    Filesize

    3.2MB

    MD5

    aeb805ea2d57f2f9f49fa8ab1807ffda

    SHA1

    d7344ba880c2f83a8e9c347f8d4c107e4d94088c

    SHA256

    ec6f978e3825a28ffa1eeb50033da12f34cbe46c6629728a51a562aa13a996a8

    SHA512

    e77be5d47ccab956243947b9f38c174c4c128c2ded0f85e25babd365c670d7a5b04bec8ca9295b398bd14313bfade994d908c77c7f697ef2a3298604fde7d1d4

    Download Submit

  • memory/3472-46-0x0000000002470000-0x0000000002480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3472-38-0x0000000000750000-0x0000000000760000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3472-54-0x00000000025B0000-0x00000000026A3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/3472-64-0x0000000000400000-0x0000000000628000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4860-0-0x0000000000400000-0x0000000000628000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4860-1-0x0000000002680000-0x0000000002773000-memory.dmp

    Filesize

    972KB

    Download

  • memory/4860-2-0x0000000010000000-0x0000000010011000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4860-18-0x0000000002660000-0x0000000002670000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4860-10-0x0000000000D60000-0x0000000000D70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4860-63-0x0000000000400000-0x0000000000628000-memory.dmp

    Filesize

    2.2MB

    Download