Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/09/2024, 06:40

General

  • Target

    cee85bae0da8e88dde7ca79a6d781e4d_JaffaCakes118.exe

  • Size

    132KB

  • MD5

    cee85bae0da8e88dde7ca79a6d781e4d

  • SHA1

    3a6fe5ebda673434fd2d6a3d697b6d7e4570a37b

  • SHA256

    360003403d66a8fa8110adf1611f050afab444629cb44319f8f79d12b02bbc5f

  • SHA512

    89813bae566e7d58363dd0ee9b8c16215ab85dc49778bed9a9cc37810ec121abf0865048f9ebbbc98cae08867b19f89d02c2a43885366e94b5150723f48ce886

  • SSDEEP

    3072:H3k/WPrdVfWM8RM/8KmwBErXXFefQxD8ampjWCe3L:0/iX8/KmwBEjXFeot8aCbe

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cee85bae0da8e88dde7ca79a6d781e4d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cee85bae0da8e88dde7ca79a6d781e4d_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1172
    • C:\Users\Admin\zieuxo.exe
      "C:\Users\Admin\zieuxo.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2464
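
The process tree and signatures above describe one chain: the submitted sample writes zieuxo.exe into the user profile, runs it as a child, both processes write a Run key pointing at the dropped file, and both flip the Explorer hidden/system-file settings. The script below is an added example, not part of the sandbox report, that correlates exactly that chain over Sysmon-style records (EventID 1 ProcessCreate, 11 FileCreate, 13 RegistrySetValue). The event records are constructed to mirror the PIDs and paths in the Processes section; the registry locations for the Run key and the Explorer Advanced values (Hidden, ShowSuperHidden) are the standard Windows paths and are assumptions, since the report does not list the exact values the sample wrote.

```python
"""Correlate drop -> execute -> Run-key persistence -> Explorer hidden-file tampering.

Added example over constructed Sysmon-style events; not code from the sandbox.
"""
from collections import defaultdict

# Standard Windows registry locations (assumed; the report does not name the values).
RUN_KEY_MARKER = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
EXPLORER_ADVANCED = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\"
HIDDEN_VALUES = {"Hidden", "ShowSuperHidden"}

DROPPER = r"C:\Users\Admin\AppData\Local\Temp\cee85bae0da8e88dde7ca79a6d781e4d_JaffaCakes118.exe"
DROPPED = r"C:\Users\Admin\zieuxo.exe"
HKCU = r"HKU\S-1-5-21-1000-2000-3000-1001"  # constructed user hive SID

# Constructed records. id 1 = ProcessCreate, 11 = FileCreate, 13 = RegistrySetValue.
# The last two entries are benign noise so the checks have something to ignore.
EVENTS = [
    {"id": 1, "pid": 1172, "ppid": 900, "image": DROPPER},
    {"id": 11, "pid": 1172, "image": DROPPER, "target": DROPPED},
    {"id": 13, "pid": 1172, "image": DROPPER,
     "key": HKCU + EXPLORER_ADVANCED + "Hidden", "data": "DWORD (0x00000002)"},
    {"id": 13, "pid": 1172, "image": DROPPER,
     "key": HKCU + EXPLORER_ADVANCED + "ShowSuperHidden", "data": "DWORD (0x00000000)"},
    {"id": 13, "pid": 1172, "image": DROPPER,
     "key": HKCU + RUN_KEY_MARKER + "zieuxo", "data": DROPPED},
    {"id": 1, "pid": 2464, "ppid": 1172, "image": DROPPED},
    {"id": 13, "pid": 2464, "image": DROPPED,
     "key": HKCU + RUN_KEY_MARKER + "zieuxo", "data": DROPPED},
    {"id": 1, "pid": 3100, "ppid": 900, "image": r"C:\Windows\explorer.exe"},
    {"id": 13, "pid": 3100, "image": r"C:\Windows\explorer.exe",
     "key": HKCU + RUN_KEY_MARKER + "OneDrive",
     "data": r"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
]


def process_tree(events):
    """Parent PID -> [(child PID, image)] rebuilt from ProcessCreate events."""
    tree = defaultdict(list)
    for e in events:
        if e["id"] == 1:
            tree[e["ppid"]].append((e["pid"], e["image"]))
    return dict(tree)


def dropped_paths(events):
    """Lower-cased paths written by any process (FileCreate)."""
    return {e["target"].lower() for e in events if e["id"] == 11}


def executed_dropped_exes(events):
    """(writer PID, child PID, path) where a process runs a file it wrote itself."""
    created = {}
    hits = []
    for e in events:
        if e["id"] == 11:
            created[e["target"].lower()] = e["pid"]
        elif e["id"] == 1 and created.get(e["image"].lower()) == e["ppid"]:
            hits.append((e["ppid"], e["pid"], e["image"]))
    return hits


def run_key_entries(events):
    """All Run-key values set, as (PID, value name, data)."""
    return [(e["pid"], e["key"].rsplit("\\", 1)[1], e["data"])
            for e in events
            if e["id"] == 13 and RUN_KEY_MARKER.lower() in e["key"].lower()]


def persistence_for_dropped_files(events):
    """Run-key entries whose target is a file dropped in this trace; ignores OneDrive-style noise."""
    dropped = dropped_paths(events)
    return [(pid, name, data) for pid, name, data in run_key_entries(events)
            if data.strip('"').lower() in dropped]


def explorer_hidden_tampering(events):
    """Writes to Explorer\\Advanced Hidden / ShowSuperHidden, as (PID, value name, data)."""
    out = []
    for e in events:
        if e["id"] == 13 and EXPLORER_ADVANCED.lower() in e["key"].lower():
            name = e["key"].rsplit("\\", 1)[1]
            if name in HIDDEN_VALUES:
                out.append((e["pid"], name, e["data"]))
    return out


def triage(events):
    """Summarise the chain the sandbox signatures describe."""
    return {
        "dropped_exe_executions": executed_dropped_exes(events),
        "persistence_on_dropped_files": persistence_for_dropped_files(events),
        "hidden_file_tampering": explorer_hidden_tampering(events),
    }


if __name__ == "__main__":
    for name, hits in triage(EVENTS).items():
        print(name, hits)
```

The persistence check deliberately keys on "Run value points at a file this trace saw being dropped" rather than on the Run key alone, which is what separates the zieuxo entry from ordinary user-profile autostarts such as OneDrive. On a real Sysmon feed, map EventID 1/11/13 fields (ProcessId, ParentProcessId, Image, TargetFilename, TargetObject, Details) onto the record shape used here.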

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\zieuxo.exe

    Filesize

    132KB

    MD5

    6004a993bdb49fafab89155a3e9886e7

    SHA1

    983e358fa1d0bade67934d17c16c6cc1a6c737c1

    SHA256

    841dc09eb25dd58eb9e5b3e7ed4d172431491a14cd79bd2c681f55de0d3f3a33

    SHA512

    5034af7646117f33a6a3bbd6def31b38dc0662913672f26acff2129ceb337b18d42e6b3063add10864897819d1698cc69299b13d7c8de4b299fc683efc3ee283