Overview

overview

10

Static

static

3

c7b76000fc...18.exe

windows7-x64

10

c7b76000fc...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-08-2024 21:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7b76000fcf976820a77ca00fd3bd3f0_JaffaCakes118.exe

  • Size

    46KB

  • MD5

    c7b76000fcf976820a77ca00fd3bd3f0

  • SHA1

    5cf0c8db011f490a71c71383673febb7bf1635fc

  • SHA256

    9221449a59f98c613164a76324c910ef4a8d6fb043eec4a1622efb82c64fae79

  • SHA512

    e841fd86c1c72d243a4f9b26b16a36c60180321ff77f87fe5db98a980d334bfb352cc2e9be4a16e7f3ebfa950af80f4e96d892b8165496aae92eb33e94636545

  • SSDEEP

    384:DWxX9gdJ03fyakLfJqyd1Z7DsaJSms+DG3S1Kcv9gRhQ9IDs6ssyLH2Pm2oY/m50:DC3xAqyd1FDnJ7sYCSkyrlYW8PR

Score
10/10
discoveryevasionspywarestealerupx

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 4 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7b76000fcf976820a77ca00fd3bd3f0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c7b76000fcf976820a77ca00fd3bd3f0_JaffaCakes118.exe"
    1⤵
    • Modifies firewall policy service
    • Checks BIOS information in registry
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1264
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\C7B760~1.EXE00.bat
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\C7B760~1.EXE00.bat
    Filesize

    192B

    MD5

    1b1f311cf577cf47eaa3e7704a775289

    SHA1

    4947f8610db803f8a2ec5843d15919207215a428

    SHA256

    8bcf8477cb830ac6bf4ecb0cdd9a22b11662622d2af02dadc5bf49f5fd81af21

    SHA512

    489bb3802241a844a527a0443b2fddf8f58d770d719b73849e3cef8fbcc0c0b03dffb17fcbfb7abac13f1263c4fe538e0e93dc53689712883dcf5614b370b99f

    Download Submit

  • memory/1264-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1264-1-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1264-3-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1264-6-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1264-8-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1264-10-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1264-12-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1264-14-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1264-17-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download