Overview

overview

10

Static

static

7

b7d5004bef...18.dll

windows7-x64

10

b7d5004bef...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22/08/2024, 13:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b7d5004bef0f467729a028d1e3400443_JaffaCakes118.dll

  • Size

    165KB

  • MD5

    b7d5004bef0f467729a028d1e3400443

  • SHA1

    1f7d1af6bc7061ea3254350a8ac28c134de6c3aa

  • SHA256

    5735573e1c4a678ea0ff3a966db4d7bdebe75d84b669fff4858bd03f2e647968

  • SHA512

    d9c329982d230b5de063704f72b109edde3520694bd909e31c1ffe8ce43e3150b49aee9e922a3d600cb9dc52fec76f5eefd1805922e12937e6de5403530c131d

  • SSDEEP

    3072:ia3sh3AZ7jermUUBD6Xi+N3BRr0mRIcqNcKQopoaft+lL15YANipuorwGHFh3hL/:WhQZWrmNz+Nxl0mGc2cBQ0lL15YAkuRu

Score
10/10
discoverypersistenceupx

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 4 IoCs
  • Drops file in Drivers directory 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7d5004bef0f467729a028d1e3400443_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7d5004bef0f467729a028d1e3400443_JaffaCakes118.dll,#1
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Blocklisted process makes network request
      • Drops file in Drivers directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2292

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2292-1-0x0000000010000000-0x0000000010D2E000-memory.dmp

          Filesize

          13.2MB

          Download

        • memory/2292-2-0x0000000010000000-0x0000000010D2E000-memory.dmp

          Filesize

          13.2MB

          Download

        • memory/2292-3-0x0000000010000000-0x0000000010D2E000-memory.dmp

          Filesize

          13.2MB

          Download

        • memory/2292-4-0x0000000010000000-0x0000000010D2E000-memory.dmp

          Filesize

          13.2MB

          Download

        • memory/2292-5-0x0000000010000000-0x0000000010D2E000-memory.dmp

          Filesize

          13.2MB

          Download

        • memory/2292-6-0x0000000010000000-0x0000000010D2E000-memory.dmp

          Filesize

          13.2MB

          Download

        • memory/2292-11-0x0000000010000000-0x0000000010D2E000-memory.dmp

          Filesize

          13.2MB

          Download

        • memory/2292-16-0x0000000010000000-0x0000000010D2E000-memory.dmp

          Filesize

          13.2MB

          Download

        • memory/2292-17-0x0000000010000000-0x0000000010D2E000-memory.dmp

          Filesize

          13.2MB

          Download