Overview

overview

7

Static

static

7

b28ae95d1b...18.exe

windows7-x64

7

b28ae95d1b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    79s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2024, 07:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b28ae95d1bca5ed560169cf2f31568c7_JaffaCakes118.exe

  • Size

    411KB

  • MD5

    b28ae95d1bca5ed560169cf2f31568c7

  • SHA1

    4f019ea4c979a81b84507d3a5fa9c276f2debbb2

  • SHA256

    888420bbedfc70fdcdde67c8e9d1bf2b6cce82aa0245b526e3c2988da7a719c3

  • SHA512

    6a994ab270b5d5da7c38b2ee8f4676505f40527d1842e2eab987747bac780366ee2d74894847106973a134567818ae71377b594285dcdaa5c1d778ec665172a4

  • SSDEEP

    12288:6wy3CDUqK89DMZYAa3kMGwS9AUtniWU15x/:4qF9DMEh+i

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 6 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b28ae95d1bca5ed560169cf2f31568c7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b28ae95d1bca5ed560169cf2f31568c7_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Windows\Lluqua.exe
      C:\Windows\Lluqua.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2964
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 908
        3⤵
        • Program crash
        PID:64752
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 2964 -ip 2964
    1⤵
      PID:64636

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\Lluqua.exe
            Filesize

            411KB

            MD5

            b28ae95d1bca5ed560169cf2f31568c7

            SHA1

            4f019ea4c979a81b84507d3a5fa9c276f2debbb2

            SHA256

            888420bbedfc70fdcdde67c8e9d1bf2b6cce82aa0245b526e3c2988da7a719c3

            SHA512

            6a994ab270b5d5da7c38b2ee8f4676505f40527d1842e2eab987747bac780366ee2d74894847106973a134567818ae71377b594285dcdaa5c1d778ec665172a4

            Download Submit

          • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
            Filesize

            390B

            MD5

            48bd692215d6527113ab0248a108cd39

            SHA1

            e5acb2178e4366c0859a3e4b754bb74c6a0638b3

            SHA256

            252212b1fcf043cffd01a3cef6eb2e0be86c66e1e0baf5e64ad788cc4bb5f788

            SHA512

            230e7ff37ea9a758060631320339238890c2d0b8cd14af91ae036efdfb00d0f598f17c99ba17ef7f7967d7950532e39f19f21d1b44453cbc85065d202849a0ce

            Download Submit

          • memory/2280-0-0x0000000000400000-0x0000000000469000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2280-1-0x00000000005B0000-0x00000000005B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2280-4-0x0000000000400000-0x000000000043C000-memory.dmp

            Filesize

            240KB

            Download

          • memory/2280-82614-0x0000000000400000-0x000000000043C000-memory.dmp

            Filesize

            240KB

            Download

          • memory/2280-82613-0x0000000000400000-0x0000000000469000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2964-11-0x0000000000400000-0x0000000000469000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2964-19-0x0000000000400000-0x000000000043C000-memory.dmp

            Filesize

            240KB

            Download

          • memory/2964-82615-0x0000000000400000-0x0000000000469000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2964-82618-0x0000000000400000-0x000000000043C000-memory.dmp

            Filesize

            240KB

            Download