Overview

overview

7

Static

static

3

baf4f7ae69...18.exe

windows7-x64

7

baf4f7ae69...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 08:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    baf4f7ae6951ad71f12e478d6becbbef_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    baf4f7ae6951ad71f12e478d6becbbef

  • SHA1

    5ac49bcbaef35ccf78e913d3f0651d1eb746a966

  • SHA256

    52caa92241b2e093b7dd46de333035d36348aae5499166738b74fd6477c4bff4

  • SHA512

    962dc8142ced7e9d80ad569c4ebf8d7c328788b57643917e83f911e664eec7b67680f594aa0fe6354ec7416da2c3a4687fe7518e368055b2aa370e0ecace716f

  • SSDEEP

    24576:ow/BBBjXKT1DaIFZAH9MVYWkENLbvlT/w000000MdSKrIWK9exHT9UQ:dBXjXKT1Ddz9T/w000000M3rTT7

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\baf4f7ae6951ad71f12e478d6becbbef_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\baf4f7ae6951ad71f12e478d6becbbef_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3032

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Program Files (x86)\RealAV\RealAV.exe
          Filesize

          1.9MB

          MD5

          baf4f7ae6951ad71f12e478d6becbbef

          SHA1

          5ac49bcbaef35ccf78e913d3f0651d1eb746a966

          SHA256

          52caa92241b2e093b7dd46de333035d36348aae5499166738b74fd6477c4bff4

          SHA512

          962dc8142ced7e9d80ad569c4ebf8d7c328788b57643917e83f911e664eec7b67680f594aa0fe6354ec7416da2c3a4687fe7518e368055b2aa370e0ecace716f

          Download Submit

        • \Users\Admin\AppData\Local\Temp\stylrit0.tmp
          Filesize

          554KB

          MD5

          c8f83a8327b280a6e33cf667904c9607

          SHA1

          5bc27ff7a590c335b5c44e668758b0efd5a91294

          SHA256

          b251b512a7cb787348fad43d3d351c4d9965bcf0c0ca6d8f70cab9ecec0f6d22

          SHA512

          f6bd32a548af79f5d35606725cdbb840f088a56bb56dd57354b6dabc017ab83f1f6d41278fc5a0c9f62ef03dc721926ae11ae932cc3170d0273baab93f61d53b

          Download Submit

        • memory/3032-21-0x0000000076830000-0x0000000076887000-memory.dmp

          Filesize

          348KB

          Download

        • memory/3032-20-0x0000000075F50000-0x0000000075FF0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3032-19-0x0000000074CA0000-0x0000000074D3D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3032-18-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3032-23-0x0000000074450000-0x00000000744A1000-memory.dmp

          Filesize

          324KB

          Download

        • memory/3032-25-0x0000000076430000-0x00000000764BF000-memory.dmp

          Filesize

          572KB

          Download

        • memory/3032-24-0x00000000764C0000-0x000000007661C000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3032-26-0x00000000742C0000-0x0000000074450000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3032-28-0x0000000076890000-0x00000000768BA000-memory.dmp

          Filesize

          168KB

          Download

        • memory/3032-29-0x0000000074140000-0x0000000074235000-memory.dmp

          Filesize

          980KB

          Download

        • memory/3032-27-0x00000000761B0000-0x00000000763C5000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/3032-30-0x0000000074990000-0x0000000074B2D000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3032-32-0x0000000075F50000-0x0000000075FF0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3032-31-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3032-22-0x0000000075280000-0x0000000075ECA000-memory.dmp

          Filesize

          12.3MB

          Download

        • memory/3032-34-0x0000000076830000-0x0000000076887000-memory.dmp

          Filesize

          348KB

          Download

        • memory/3032-33-0x0000000075ED0000-0x0000000075F4B000-memory.dmp

          Filesize

          492KB

          Download

        • memory/3032-43-0x00000000761B0000-0x00000000763C5000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/3032-42-0x00000000747B0000-0x00000000747B9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/3032-45-0x00000000769F0000-0x0000000076ABC000-memory.dmp

          Filesize

          816KB

          Download

        • memory/3032-41-0x00000000742C0000-0x0000000074450000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3032-40-0x0000000076430000-0x00000000764BF000-memory.dmp

          Filesize

          572KB

          Download

        • memory/3032-39-0x00000000764C0000-0x000000007661C000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3032-38-0x0000000074770000-0x000000007478C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/3032-48-0x0000000074140000-0x0000000074235000-memory.dmp

          Filesize

          980KB

          Download

        • memory/3032-49-0x0000000074990000-0x0000000074B2D000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3032-47-0x00000000751F0000-0x0000000075273000-memory.dmp

          Filesize

          524KB

          Download

        • memory/3032-57-0x0000000076830000-0x0000000076887000-memory.dmp

          Filesize

          348KB

          Download

        • memory/3032-66-0x0000000074990000-0x0000000074B2D000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3032-85-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3032-84-0x0000000074990000-0x0000000074B2D000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3032-83-0x0000000074140000-0x0000000074235000-memory.dmp

          Filesize

          980KB

          Download

        • memory/3032-82-0x00000000751F0000-0x0000000075273000-memory.dmp

          Filesize

          524KB

          Download

        • memory/3032-80-0x00000000769F0000-0x0000000076ABC000-memory.dmp

          Filesize

          816KB

          Download

        • memory/3032-79-0x00000000761B0000-0x00000000763C5000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/3032-78-0x00000000747B0000-0x00000000747B9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/3032-77-0x00000000742C0000-0x0000000074450000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3032-76-0x0000000074450000-0x00000000744A1000-memory.dmp

          Filesize

          324KB

          Download

        • memory/3032-75-0x00000000744B0000-0x000000007464E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3032-74-0x0000000076830000-0x0000000076887000-memory.dmp

          Filesize

          348KB

          Download

        • memory/3032-73-0x0000000075F50000-0x0000000075FF0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3032-72-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3032-71-0x0000000074670000-0x000000007467A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3032-70-0x0000000074690000-0x00000000746A9000-memory.dmp

          Filesize

          100KB

          Download

        • memory/3032-69-0x00000000740D0000-0x0000000074140000-memory.dmp

          Filesize

          448KB

          Download

        • memory/3032-68-0x0000000074750000-0x0000000074759000-memory.dmp

          Filesize

          36KB

          Download

        • memory/3032-67-0x0000000076800000-0x0000000076827000-memory.dmp

          Filesize

          156KB

          Download

        • memory/3032-65-0x0000000074140000-0x0000000074235000-memory.dmp

          Filesize

          980KB

          Download

        • memory/3032-64-0x00000000751F0000-0x0000000075273000-memory.dmp

          Filesize

          524KB

          Download

        • memory/3032-62-0x00000000769F0000-0x0000000076ABC000-memory.dmp

          Filesize

          816KB

          Download

        • memory/3032-61-0x00000000761B0000-0x00000000763C5000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/3032-60-0x0000000076430000-0x00000000764BF000-memory.dmp

          Filesize

          572KB

          Download

        • memory/3032-59-0x0000000074450000-0x00000000744A1000-memory.dmp

          Filesize

          324KB

          Download

        • memory/3032-58-0x00000000744B0000-0x000000007464E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3032-55-0x0000000075F50000-0x0000000075FF0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3032-54-0x0000000074CA0000-0x0000000074D3D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3032-53-0x0000000000400000-0x00000000005F2000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3032-52-0x0000000074670000-0x000000007467A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3032-51-0x0000000074690000-0x00000000746A9000-memory.dmp

          Filesize

          100KB

          Download

        • memory/3032-50-0x00000000740D0000-0x0000000074140000-memory.dmp

          Filesize

          448KB

          Download

        • memory/3032-56-0x0000000075ED0000-0x0000000075F4B000-memory.dmp

          Filesize

          492KB

          Download

        • memory/3032-37-0x0000000074450000-0x00000000744A1000-memory.dmp

          Filesize

          324KB

          Download

        • memory/3032-36-0x0000000075280000-0x0000000075ECA000-memory.dmp

          Filesize

          12.3MB

          Download

        • memory/3032-35-0x00000000744B0000-0x000000007464E000-memory.dmp

          Filesize

          1.6MB

          Download