Overview

overview

7

Static

static

3

bc34fa4b3b...18.exe

windows7-x64

7

bc34fa4b3b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 14:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bc34fa4b3b7ca2f0f6a404bef0e61878_JaffaCakes118.exe

  • Size

    226KB

  • MD5

    bc34fa4b3b7ca2f0f6a404bef0e61878

  • SHA1

    a8852d6aa432a1cba54ab4857289dc191a4a1036

  • SHA256

    1222965569dc3023eaf963d84527e5c92301c7157b2f9d2abd58f12e545bc152

  • SHA512

    9f30c69732de4585b340ecc443a16f42da76cf6e068e0e0dcf5756d7384edf38f125571620368621b0bf93603513ebcf72d77723160376b9ed8e583ca073ebf0

  • SSDEEP

    6144:w+tTAqgYhO9MegccZ7nt44e42kps1VqPjwrhwlp1B:wZohO9MJdnt3e/rqsrWB

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc34fa4b3b7ca2f0f6a404bef0e61878_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bc34fa4b3b7ca2f0f6a404bef0e61878_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Windows\Upekea.exe
      C:\Windows\Upekea.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:2808

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
          Filesize

          372B

          MD5

          4d5b95c70b14c3e24e9a5d8f8d40671b

          SHA1

          9ec2d46708be2feede1080a79a13b3f905aa61a8

          SHA256

          de547197c78a9b28f4c63c1866f3e4679b309f5a81b9d7d945fd8d83b46607d7

          SHA512

          133116f6fbdb4f2c8948d8f15772b0d2c4f962059c1530f33620e716ca8c1502fc961bc16faead5e5ffd37d835a6c0a7b81b482095a174e1717c14d9aea67cb2

          Download Submit

        • C:\Windows\Upekea.exe
          Filesize

          226KB

          MD5

          bc34fa4b3b7ca2f0f6a404bef0e61878

          SHA1

          a8852d6aa432a1cba54ab4857289dc191a4a1036

          SHA256

          1222965569dc3023eaf963d84527e5c92301c7157b2f9d2abd58f12e545bc152

          SHA512

          9f30c69732de4585b340ecc443a16f42da76cf6e068e0e0dcf5756d7384edf38f125571620368621b0bf93603513ebcf72d77723160376b9ed8e583ca073ebf0

          Download Submit

        • memory/1636-6175-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/1636-0-0x0000000000402000-0x0000000000403000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1636-53478-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/1636-1-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2808-38813-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2808-34099-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2808-9-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2808-38758-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2808-43293-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2808-8-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2808-53479-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2808-53480-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2808-53481-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2808-53483-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2808-53484-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2808-53488-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download