Overview

overview

7

Static

static

3

b7e109ee7f...18.exe

windows7-x64

7

b7e109ee7f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/08/2024, 13:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b7e109ee7f6fe678bf05360c49610c2b_JaffaCakes118.exe

  • Size

    540KB

  • MD5

    b7e109ee7f6fe678bf05360c49610c2b

  • SHA1

    3890e10e8034ffa398b903570de3894020b6fac9

  • SHA256

    124b627fa172de0752e48a68dba4d3c9dc5e38909abb276be0e60cea2e3e5355

  • SHA512

    16242546a2bcfe19dbcd14a19b3a2212ca4c84b1e0180bd5e3448aebacb33b60928843fbd8a71487dbbe565176bef165d5c3909eedbbc20d20c06dc21f9077c2

  • SSDEEP

    6144:7yH7xOc6H5c6HcT66vlmKhggtWKdC9UGy+DTPL1vMi3AYXZq/azNQXVMGhRfP4Um:7aqFlXTPhvHA7azeJ7P41ca0qctale9A

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Drops file in Program Files directory 38 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7e109ee7f6fe678bf05360c49610c2b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e109ee7f6fe678bf05360c49610c2b_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Windows\svchost.exe
      "C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\b7e109ee7f6fe678bf05360c49610c2b_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4632
      • C:\Users\Admin\AppData\Local\Temp\b7e109ee7f6fe678bf05360c49610c2b_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\b7e109ee7f6fe678bf05360c49610c2b_JaffaCakes118.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1944
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:2612
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4c0 0x2f8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3032

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\b7e109ee7f6fe678bf05360c49610c2b_JaffaCakes118.exe
          Filesize

          504KB

          MD5

          444067f81b9d0728a2e7e58fdf1caf65

          SHA1

          8ca703284b5909142b38122c4a9b7340d2625b09

          SHA256

          bd971a423b8aaace648157868b769b3a32cfeae53c558c35738a45d18f8be3bc

          SHA512

          64300b32eb2415af050038c662ed0e56c604a8abe2992fcc9e2cb729cc64183c7e3ad7f1dbad72dc0410e406012761ba9dfbd2a5f0a57e3519c05b9fecefda76

          Download Submit

        • C:\Windows\svchost.exe
          Filesize

          35KB

          MD5

          345861f739ef259c33abc7ef49b81694

          SHA1

          3b6aff327d91e66a207c0557eac6ddefab104598

          SHA256

          fc3220611aded768e37b125c4e4d5a8ffdbf7dfa8d8c19c07c7791b486457948

          SHA512

          7b0aae948a594f29125a3e80f6c2b51421cda07f5ee4554538037f12b87d4b3937ee74fb400505efcd2a953c897a49d79d875148516dcef619c514251854dfad

          Download Submit

        • memory/2612-14-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/2612-20-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/2612-24-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/4556-3-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4632-10-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download