Analysis

  • max time kernel: 120s
  • max time network: 142s
  • platform: windows7_x64
  • resource: win7-20240705-en
  • resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted: 23/08/2024, 01:12 UTC

General

  • Target: b9c784fb956c8a69dba86b1bc8bb7054_JaffaCakes118.exe
  • Size: 1.3MB
  • MD5: b9c784fb956c8a69dba86b1bc8bb7054
  • SHA1: 39151d03b80d74f686a229906038c899a7b7be98
  • SHA256: 607cc6b38425ef42f9ed910a82a96ee204580fdbc4f87a554943fb8bab8baa13
  • SHA512: 73c396969aa9ccfddacd25f6e41087eb018121a2e4f38ace93330aa16960d2bd7c1bf656763506a8269b6264c84e5cea38d40a6818b07aa38c33b268c30cc933
  • SSDEEP: 24576:fZfdS4AD8gb1dd1/77WmQm0/LjBAHL+LyROQ6pxhq5J23Wv5vENZg03/U2/lJ:a4U70/nBAHLroQLiWW3zt

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious use of SetThreadContext (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9c784fb956c8a69dba86b1bc8bb7054_JaffaCakes118.exe (PID 2076)
    Command line: "C:\Users\Admin\AppData\Local\Temp\b9c784fb956c8a69dba86b1bc8bb7054_JaffaCakes118.exe"
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    └ C:\Windows\SysWOW64\notepad.exe (PID 1224), child of PID 2076
      Command line: C:\Windows\system32\notepad.exe
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery

  Two things in this tree matter for triage. The command line names C:\Windows\system32\notepad.exe, but the image that actually ran is C:\Windows\SysWOW64\notepad.exe: the sample is a 32-bit process and WoW64 file-system redirection substituted the 32-bit copy. And the split of signatures is the classic injection shape: the parent holds the WriteProcessMemory and SetThreadContext hits, while the Run-key write and (below) every byte of network traffic are attributed to notepad.exe, a process that has no reason to do either.
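The parent/child pattern above (a parent that writes into a child it created and then calls SetThreadContext on it, after which only the child shows persistence and network activity) is the thing to detect rather than any single API. The following is an added example, not sandbox code and not part of this report: it runs that check over a small API trace constructed to mirror the process tree (PID 2076 into PID 1224, six writes, one SetThreadContext). The event layout, the ApiEvent type and the benign control pair (PIDs 500/501) are this example's own assumptions.

```python
"""Added example: flag the process-hollowing pattern shown in the report.
A parent that creates a child, writes into it and calls SetThreadContext on
it is reported, together with what the child did once its thread context was
replaced. The trace below is constructed to mirror the report's process
tree; it is not sandbox output and its layout is an assumption."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ApiEvent:
    seq: int          # ordering within the trace
    pid: int          # process that issued the call
    api: str          # API name or behaviour tag
    target: int = 0   # target PID for cross-process calls, 0 for in-process behaviour
    detail: str = ""


# Constructed trace modelled on the report: 6 WriteProcessMemory IoCs, one
# SetThreadContext, then Run-key and HTTP activity attributed to the child.
SAMPLE_TRACE = [
    ApiEvent(1, 2076, "CreateProcess", 1224, r"C:\Windows\system32\notepad.exe (suspended)"),
    *[ApiEvent(2 + i, 2076, "WriteProcessMemory", 1224, f"chunk {i}") for i in range(6)],
    ApiEvent(8, 2076, "SetThreadContext", 1224, "primary thread"),
    ApiEvent(9, 2076, "ResumeThread", 1224),
    ApiEvent(10, 1224, "RegSetValue", 0, "Run key"),
    ApiEvent(11, 1224, "HttpGet", 0, "http://dl.dropbox.com/u/35635681/index.html"),
    # Benign control (assumed): a parent that writes into a child without
    # redirecting its thread, e.g. a launcher handing over a buffer, must not fire.
    ApiEvent(12, 500, "CreateProcess", 501, "helper.exe"),
    ApiEvent(13, 500, "WriteProcessMemory", 501, "shared buffer"),
    ApiEvent(14, 501, "HttpGet", 0, "http://example.invalid/"),
]

HOLLOW_APIS = frozenset({"WriteProcessMemory", "SetThreadContext"})


def find_hollowing(trace):
    """Return one finding per (parent, child) pair where the parent used both
    WriteProcessMemory and SetThreadContext on a child it created, plus the
    child's own behaviour recorded after the SetThreadContext call."""
    parent_of = {}                 # child pid -> creating pid
    used = defaultdict(set)        # (parent, child) -> cross-process APIs seen
    writes = defaultdict(int)      # (parent, child) -> WriteProcessMemory count
    ctx_seq = {}                   # (parent, child) -> seq of first SetThreadContext
    after = defaultdict(list)      # child pid -> behaviour after its context was replaced
    for ev in sorted(trace, key=lambda e: e.seq):
        if ev.api == "CreateProcess":
            parent_of[ev.target] = ev.pid
        elif ev.target and parent_of.get(ev.target) == ev.pid and ev.api in HOLLOW_APIS:
            key = (ev.pid, ev.target)
            used[key].add(ev.api)
            if ev.api == "WriteProcessMemory":
                writes[key] += 1
            else:
                ctx_seq.setdefault(key, ev.seq)
        elif not ev.target and ev.pid in parent_of:
            key = (parent_of[ev.pid], ev.pid)
            if key in ctx_seq and ev.seq > ctx_seq[key]:
                after[ev.pid].append(ev.api)
    findings = []
    for key, apis in used.items():
        if HOLLOW_APIS <= apis:
            parent, child = key
            findings.append({"parent": parent, "child": child,
                             "writes": writes[key], "child_behaviour": after[child]})
    return findings


if __name__ == "__main__":
    for finding in find_hollowing(SAMPLE_TRACE):
        print(finding)
```

The rule deliberately requires both APIs against a child the parent itself created; a lone WriteProcessMemory is too common in legitimate launchers and debuggers to act on, and a SetThreadContext on a thread of an unrelated process is a different (thread-hijacking) pattern that deserves its own rule.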

Network

  Every HTTP request below was issued by notepad.exe (PID 1224) to 162.125.64.15:80 with the same four headers, and every response was a 301 Moved Permanently (server: envoy, content-length: 0) whose location header is the https:// form of the same URL. Only the date and x-dropbox-request-id differ from request to request; the first exchange is shown in full and the rest list what changed. [US] / [GB] is the geolocation of the remote address.

  • [US] DNS dl.dropbox.com (notepad.exe), remote 8.8.8.8:53
    Request: dl.dropbox.com IN A
    Response: dl.dropbox.com IN CNAME edge-block-www-env.dropbox-dns.com
              edge-block-www-env.dropbox-dns.com IN A 162.125.64.15
  • [GB] GET http://dl.dropbox.com/u/35635681/index.html (notepad.exe), remote 162.125.64.15:80
    Request:
      GET /u/35635681/index.html HTTP/1.1
      Host: dl.dropbox.com
      Accept: text/html, */*
      Accept-Encoding: identity
      User-Agent: Mozilla/3.0 (compatible; Indy Library)
    Response:
      HTTP/1.1 301 Moved Permanently
      location: https://dl.dropbox.com/u/35635681/index.html
      date: Fri, 23 Aug 2024 01:12:35 GMT
      server: envoy
      x-dropbox-request-id: dc86a175f6c84c14aeb7f0b8dfa7bbc3
      content-length: 0
  • [GB] GET http://dl.dropbox.com/u/37863769/index.html (notepad.exe), remote 162.125.64.15:80
    Request: GET /u/37863769/index.html HTTP/1.1 (headers as above)
    Response: 301, location: https://dl.dropbox.com/u/37863769/index.html, date: Fri, 23 Aug 2024 01:12:35 GMT, x-dropbox-request-id: 93c554d2e06d4ac79870e9d84af9c895
  • [GB] GET http://dl.dropbox.com/u/35635681/index.html (notepad.exe), remote 162.125.64.15:80
    Response: 301, date: Fri, 23 Aug 2024 01:13:06 GMT, x-dropbox-request-id: 44deca4f9cbf488382e90275e74e9580
  • [GB] GET http://dl.dropbox.com/u/37863769/index.html (notepad.exe), remote 162.125.64.15:80
    Response: 301, date: Fri, 23 Aug 2024 01:13:06 GMT, x-dropbox-request-id: be6a4ad3ec46421e91bab4cbef279072
  • [US] DNS dl.dropbox.com (notepad.exe), remote 8.8.8.8:53: repeat of the lookup above, same CNAME and A answer (162.125.64.15)
  • [GB] GET http://dl.dropbox.com/u/35635681/index.html (notepad.exe), remote 162.125.64.15:80
    Response: 301, date: Fri, 23 Aug 2024 01:13:36 GMT, x-dropbox-request-id: e1da7c13ca7c4335845560322a342eb8
  • [GB] GET http://dl.dropbox.com/u/37863769/index.html (notepad.exe), remote 162.125.64.15:80
    Response: 301, date: Fri, 23 Aug 2024 01:13:36 GMT, x-dropbox-request-id: 47b064ace96147e897769f34101d9e6b
  • [US] DNS dl.dropbox.com (notepad.exe), remote 8.8.8.8:53: repeat of the lookup above, same CNAME and A answer (162.125.64.15)
  • [GB] GET http://dl.dropbox.com/u/35635681/index.html (notepad.exe), remote 162.125.64.15:80
    Response: 301, date: Fri, 23 Aug 2024 01:14:06 GMT, x-dropbox-request-id: a81fe7ec517f463ca780bcebea94169d
  • [GB] GET http://dl.dropbox.com/u/37863769/index.html (notepad.exe), remote 162.125.64.15:80
    Response: 301, date: Fri, 23 Aug 2024 01:14:06 GMT, x-dropbox-request-id: 185684f5d51a4b54afc527ba725691fb
  Connections (all from notepad.exe; figures are bytes sent / bytes received / packets sent / packets received):

  • 162.125.64.15:80 http, GET http://dl.dropbox.com/u/35635681/index.html, response 301: 394 B / 389 B / 5 / 4
  • 162.125.64.15:80 http, GET http://dl.dropbox.com/u/37863769/index.html, response 301: 446 B / 646 B / 6 / 5
  • 162.125.64.15:80 http, GET http://dl.dropbox.com/u/35635681/index.html, response 301: 400 B / 646 B / 5 / 5
  • 162.125.64.15:80 http, GET http://dl.dropbox.com/u/37863769/index.html, response 301: 394 B / 389 B / 5 / 4
  • 162.125.64.15:80 http, GET http://dl.dropbox.com/u/35635681/index.html, response 301: 348 B / 349 B / 4 / 3
  • 162.125.64.15:80 http, GET http://dl.dropbox.com/u/37863769/index.html, response 301: 400 B / 606 B / 5 / 4
  • 162.125.64.15:80 http, GET http://dl.dropbox.com/u/35635681/index.html, response 301: 400 B / 606 B / 5 / 4
  • 162.125.64.15:80 http, GET http://dl.dropbox.com/u/37863769/index.html, response 301: 354 B / 606 B / 4 / 4
  • 8.8.8.8:53 dns, dl.dropbox.com, answer 162.125.64.15: 60 B / 121 B / 1 / 1 (three identical lookups)

  What the capture shows: notepad.exe (PID 1224) polls two legacy Dropbox Public-folder URLs (the /u/<id>/index.html form) as a pair roughly every 30 s (01:12:35, 01:13:06, 01:13:36, 01:14:06) over plaintext port 80. Dropbox answers each request with a 301 to the https:// form of the same URL, and no HTTPS connection appears anywhere in the 142 s network window, so the redirect is never followed and no payload or tasking is retrieved in this run; the sample's behaviour beyond the poll loop is therefore not observed here. The User-Agent "Mozilla/3.0 (compatible; Indy Library)" is the default of the Indy (Internet Direct) component library, which points to a Delphi or C++Builder build. For hunting, each of these stands on its own: notepad.exe issuing HTTP at all, the Indy default User-Agent, and dl.dropbox.com/u/ fetched over port 80 rather than 443.
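The traffic above is worth turning into a repeatable check: a process with no business speaking HTTP, a component-library User-Agent, a fixed polling cadence, and a 301 that is never followed. The block below is an added example rather than anything from the sandbox or from the sample's authors; it scores constructed log lines built from the report's timestamps, URLs, status codes and User-Agent. The single-line log layout, the NO_HTTP_PROCESSES list, the LIBRARY_UA_MARKERS list and the jitter threshold are this example's assumptions.

```python
"""Added example: score HTTP activity like the report's against checks a
detection engineer would run. Log lines are constructed from the report's
values; their layout is an assumption, not a real proxy or sandbox format."""
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed from the report: two URLs polled together every ~30 s, all 301.
SAMPLE_LOG = """\
2024-08-23T01:12:35Z notepad.exe 162.125.64.15:80 GET http://dl.dropbox.com/u/35635681/index.html 301 "Mozilla/3.0 (compatible; Indy Library)"
2024-08-23T01:12:35Z notepad.exe 162.125.64.15:80 GET http://dl.dropbox.com/u/37863769/index.html 301 "Mozilla/3.0 (compatible; Indy Library)"
2024-08-23T01:13:06Z notepad.exe 162.125.64.15:80 GET http://dl.dropbox.com/u/35635681/index.html 301 "Mozilla/3.0 (compatible; Indy Library)"
2024-08-23T01:13:06Z notepad.exe 162.125.64.15:80 GET http://dl.dropbox.com/u/37863769/index.html 301 "Mozilla/3.0 (compatible; Indy Library)"
2024-08-23T01:13:36Z notepad.exe 162.125.64.15:80 GET http://dl.dropbox.com/u/35635681/index.html 301 "Mozilla/3.0 (compatible; Indy Library)"
2024-08-23T01:13:36Z notepad.exe 162.125.64.15:80 GET http://dl.dropbox.com/u/37863769/index.html 301 "Mozilla/3.0 (compatible; Indy Library)"
2024-08-23T01:14:06Z notepad.exe 162.125.64.15:80 GET http://dl.dropbox.com/u/35635681/index.html 301 "Mozilla/3.0 (compatible; Indy Library)"
2024-08-23T01:14:06Z notepad.exe 162.125.64.15:80 GET http://dl.dropbox.com/u/37863769/index.html 301 "Mozilla/3.0 (compatible; Indy Library)"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<proc>\S+) (?P<remote>\S+) (?P<method>[A-Z]+) '
    r'(?P<url>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$')

# Assumptions for this example: processes that never legitimately issue HTTP,
# and User-Agent fragments of HTTP component libraries (extend as needed).
NO_HTTP_PROCESSES = {"notepad.exe", "calc.exe", "mspaint.exe"}
LIBRARY_UA_MARKERS = ("Indy Library",)
MAX_JITTER = 0.10   # coefficient of variation below which polling counts as fixed-cadence
MIN_SAMPLES = 3     # fewer requests than this and cadence is not assessed


def parse_log(text):
    """Parse the constructed single-line format into dicts with a UTC datetime."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        row = m.groupdict()
        row["ts"] = datetime.strptime(row["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        row["status"] = int(row["status"])
        rows.append(row)
    return rows


def cadence(timestamps):
    """(mean interval in s, coefficient of variation) of a sorted series, or None if too short."""
    if len(timestamps) < MIN_SAMPLES:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    avg = mean(gaps)
    return avg, (pstdev(gaps) / avg if avg else 0.0)


def assess(text):
    """One finding per (process, URL) with boolean checks and their sum as a score."""
    rows = parse_log(text)
    by_key = defaultdict(list)
    for r in rows:
        by_key[(r["proc"], r["url"])].append(r)
    https_hosts = {r["url"].split("/")[2] for r in rows if r["url"].startswith("https://")}
    findings = []
    for (proc, url), hits in by_key.items():
        hits.sort(key=lambda r: r["ts"])
        host = url.split("/")[2]
        stats = cadence([r["ts"] for r in hits])
        f = {
            "process": proc, "url": url, "count": len(hits),
            "odd_process": proc.lower() in NO_HTTP_PROCESSES,
            "plaintext": url.startswith("http://"),
            "library_ua": any(mark in hits[0]["ua"] for mark in LIBRARY_UA_MARKERS),
            "fixed_cadence": stats is not None and stats[1] < MAX_JITTER,
            "mean_interval_s": round(stats[0], 1) if stats else None,
            # every answer was a 301 and no https request to the host ever
            # appears, so whatever the redirect pointed at was never fetched
            "redirect_unfollowed": all(r["status"] == 301 for r in hits) and host not in https_hosts,
        }
        f["score"] = sum(f[k] for k in ("odd_process", "plaintext", "library_ua",
                                        "fixed_cadence", "redirect_unfollowed"))
        findings.append(f)
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_LOG):
        print(finding)
```

The cadence check uses the population standard deviation of the gaps divided by their mean, so the report's 31 s / 30 s / 30 s spacing scores as fixed-cadence while a human browsing the same host would not; the "redirect_unfollowed" check is what tells you the run never reached second-stage content and that the report's network section is an incomplete picture of the sample.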

MITRE ATT&CK Enterprise v15


Downloads

  • \??\c:\ProgramData\UavkydB\ErmwvhN\HbswitS.exe
    Filesize: 1.3MB
    MD5: b9c784fb956c8a69dba86b1bc8bb7054
    SHA1: 39151d03b80d74f686a229906038c899a7b7be98
    SHA256: 607cc6b38425ef42f9ed910a82a96ee204580fdbc4f87a554943fb8bab8baa13
    SHA512: 73c396969aa9ccfddacd25f6e41087eb018121a2e4f38ace93330aa16960d2bd7c1bf656763506a8269b6264c84e5cea38d40a6818b07aa38c33b268c30cc933
    All four digests equal those of the submitted sample: the file under ProgramData is a byte-for-byte copy of it. Read together with the "Adds Run key" signature this is the usual self-copy persistence pattern, although the Run-key value itself is not shown in this report.

  • memory/1224-2-0x0000000000400000-0x00000000004B8000-memory.dmp: 736KB
  • memory/1224-4-0x000000007EFDE000-0x000000007EFDF000-memory.dmp: 4KB
  • memory/1224-8-0x0000000000400000-0x00000000004B8000-memory.dmp: 736KB
  • memory/1224-9-0x0000000000400000-0x00000000004B8000-memory.dmp: 736KB
  • memory/1224-10-0x0000000000400000-0x00000000004B8000-memory.dmp: 736KB
  • memory/1224-6-0x0000000000400000-0x00000000004B8000-memory.dmp: 736KB
  • memory/1224-11-0x0000000000080000-0x0000000000081000-memory.dmp: 4KB
  • memory/1224-13-0x0000000000400000-0x00000000004B8000-memory.dmp: 736KB
  • memory/1224-14-0x0000000000080000-0x0000000000081000-memory.dmp: 4KB
  • memory/2076-1-0x0000000000220000-0x0000000000221000-memory.dmp: 4KB
  • memory/2076-7-0x0000000000400000-0x00000000004B8000-memory.dmp: 736KB

  The 736KB region 0x00400000-0x004B8000 appears once in the parent (2076-7) and, dumped six times, in notepad.exe (PID 1224). notepad.exe's own image is far smaller than 736KB, so a region of exactly the parent's image size at 0x00400000 (the conventional base of a PE built without ASLR) inside the child, combined with the parent's WriteProcessMemory and SetThreadContext calls, is the memory-side trace of the sample's image being written into the suspended notepad.exe (process hollowing). The PID 1224 dumps of that region are the place to look for the unpacked payload.
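The correlation just described (the same region at the same base and size in a parent and a child it wrote into, and a dropped file hashing identically to the sample) is mechanical enough to script. The block below is an added example, not sandbox tooling: it parses dump names in the memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp form the page uses, reports regions shared across processes, and compares dropped-file digests with the sample's. The input values are copied from this report; the parser, the 64KB minimum-size filter and the function names are this example's own.

```python
"""Added example: correlate the memory-dump names and dropped-file hashes
listed in the report's Downloads section. Values below come from the report;
the parsing and the heuristics are this example's, not the sandbox's."""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<n>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")

# Dump names as listed in the report.
DUMPS = [
    "memory/1224-2-0x0000000000400000-0x00000000004B8000-memory.dmp",
    "memory/1224-4-0x000000007EFDE000-0x000000007EFDF000-memory.dmp",
    "memory/1224-8-0x0000000000400000-0x00000000004B8000-memory.dmp",
    "memory/1224-9-0x0000000000400000-0x00000000004B8000-memory.dmp",
    "memory/1224-10-0x0000000000400000-0x00000000004B8000-memory.dmp",
    "memory/1224-6-0x0000000000400000-0x00000000004B8000-memory.dmp",
    "memory/1224-11-0x0000000000080000-0x0000000000081000-memory.dmp",
    "memory/1224-13-0x0000000000400000-0x00000000004B8000-memory.dmp",
    "memory/1224-14-0x0000000000080000-0x0000000000081000-memory.dmp",
    "memory/2076-1-0x0000000000220000-0x0000000000221000-memory.dmp",
    "memory/2076-7-0x0000000000400000-0x00000000004B8000-memory.dmp",
]

# SHA-256 of the submitted sample and of the dropped file, from the report.
SAMPLE_SHA256 = "607cc6b38425ef42f9ed910a82a96ee204580fdbc4f87a554943fb8bab8baa13"
DROPPED = {
    r"\??\c:\ProgramData\UavkydB\ErmwvhN\HbswitS.exe":
        "607cc6b38425ef42f9ed910a82a96ee204580fdbc4f87a554943fb8bab8baa13",
}


def parse_dump_name(name):
    """(pid, index, start, end) from a dump file name; ValueError if it does not match."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    return int(m["pid"]), int(m["n"]), int(m["start"], 16), int(m["end"], 16)


def regions_by_pid(names):
    """{pid: {(start, end), ...}} with repeated dumps of one region collapsed."""
    out = defaultdict(set)
    for name in names:
        pid, _, start, end = parse_dump_name(name)
        out[pid].add((start, end))
    return out


def shared_regions(names, min_kb=64):
    """Regions of at least min_kb that sit at the same base and size in more
    than one process. A large region shared between a parent flagged for
    WriteProcessMemory/SetThreadContext and its child is the memory-side
    trace of a hollowed or injected image; small single pages (TEB/PEB,
    heap stubs) are filtered out by the size threshold."""
    seen = defaultdict(set)
    for pid, regs in regions_by_pid(names).items():
        for start, end in regs:
            if (end - start) // 1024 >= min_kb:
                seen[(start, end)].add(pid)
    return {reg: sorted(pids) for reg, pids in seen.items() if len(pids) > 1}


def self_copies(sample_sha256, dropped):
    """Dropped files whose SHA-256 equals the sample's, i.e. relocated copies of itself."""
    return [path for path, digest in dropped.items() if digest.lower() == sample_sha256.lower()]


if __name__ == "__main__":
    for (start, end), pids in shared_regions(DUMPS).items():
        print(f"0x{start:08X}-0x{end:08X} ({(end - start) // 1024} KB) shared by PIDs {pids}")
    print("self copies:", self_copies(SAMPLE_SHA256, DROPPED))
```

Run against the report's own list this prints the single 736 KB region shared by PIDs 1224 and 2076 and the ProgramData path as a self-copy, which is exactly the pair of facts an analyst needs before deciding which dump to carve the payload from.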
