Analysis

  • max time kernel
    121s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-08-2024 18:31

General

  • Target

    c9625c713ad0dc3fa94f6990e4ce594c_JaffaCakes118.exe

  • Size

    372KB

  • MD5

    c9625c713ad0dc3fa94f6990e4ce594c

  • SHA1

    c415f9afebf4feb375d9c8071691846ef627b269

  • SHA256

    b87650a29f1de493b5638a53bbbb23d7835a678f240b082c3d4016b01fe46174

  • SHA512

    fc8fd76450ba47df708a6b7f55f5d410a01c30c0ecddbfa2f880d19058014368262813caf273f86e34b298da77517d18c7e107bd5552e9ababf6d42ec1c4365f

  • SSDEEP

    6144:NtKe6YiDdv3m3mgKHIl7bNIAROzTuaPUD8XYPK9sQxonoRjfs4hli0YTg6k8jTOc:NtKe6Zv23YdAPaPUDLPZXwjkyAHk83O4

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 6 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c9625c713ad0dc3fa94f6990e4ce594c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c9625c713ad0dc3fa94f6990e4ce594c_JaffaCakes118.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\svchost.exe
      C:\Windows\svchost.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:1620

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\concp32.exe

    Filesize

    375KB

    MD5

    fb0ebf88ea3c2ec526558032a824e6da

    SHA1

    fe360475d5346db29eb844fb7c876b0eb43438f2

    SHA256

    7ee8a7adfb159d17ca1ec722568996d7164b267f7c60782604895c3327ce0373

    SHA512

    c22f34eec5ff8a18f8241f6a92b57e14e86f1f3cc256787c28d91b9ab01f51a05f9026463ccd9e36110d5e8af3ec1476f7a7b12ff6b0c8bb952e80e752464b1c

  • C:\Windows\svchost.exe

    Filesize

    376KB

    MD5

    a396f7b9d7722308907a78506217d320

    SHA1

    511c387a0fcc5498b99d8ea40fbe374337966c20

    SHA256

    51d105db845a1cc1eab8b04aa89c50174dcbe838bd28bdc4d9a4f8ef35210f90

    SHA512

    16b41335e5b67631ac09bbcc1075fc549e36ceb6c7a719677a45ba45f1cb9408d62a0c2ad559d25eed74b4e7b01505a7f2212f547bea59b447e70cabd70e753e

  • memory/1620-16-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

  • memory/2028-0-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

  • memory/2028-10-0x0000000000220000-0x0000000000255000-memory.dmp

    Filesize

    212KB

  • memory/2028-14-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB