Overview

overview

7

Static

static

7

d157334abc...18.exe

windows7-x64

7

d157334abc...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/09/2024, 06:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d157334abc12e83e5ba9f36b9b89c6cd_JaffaCakes118.exe

  • Size

    5.0MB

  • MD5

    d157334abc12e83e5ba9f36b9b89c6cd

  • SHA1

    a8a6126d6380008c29f51b9254f625be9b2684cc

  • SHA256

    ad3b9912a3bf9c657e16ea2488c2bb054119e7d9ab9531172d9ed6ee83ae96dd

  • SHA512

    79604133b25197b57db135141629a301ae8b624e6f604891dfd67d4fd77a986b56db3ed72e045b0d6ed5d09fca03fadb2395f673c8f86be7080297bd2e8a620e

  • SSDEEP

    98304:EaEBeZ7vD0yYbtRqOqtgoymPPY7W+vHyRyJLCnG7RTeRpbdepW8:aBeN0yYbq1tgoZPP6PvHyRURiXdep

Score
7/10
discoverypersistencethemida

Malware Config

Signatures

  • Themida packer 22 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d157334abc12e83e5ba9f36b9b89c6cd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d157334abc12e83e5ba9f36b9b89c6cd_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Arq.ini
    Filesize

    43KB

    MD5

    3690d2356f748f12d74f5dad9ef09258

    SHA1

    25a90cdcc7e649fb6e1e3f034185be018af59568

    SHA256

    7fa068ad9497d7044a326b64047543123110f91d840f252ae07c74ed137ea5cd

    SHA512

    29ed4353fce253288144ee88e1830eaa983d3d3316888c2ceba7b7e8ab6040983943b0e1ec3b8f5bc2694c81de95efed0e576dc4ba498dd6f091174bae4418c6

    Download Submit

  • memory/1872-34-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-45-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-5-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-6-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-7-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1872-8-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-9-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-10-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-0-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1872-32-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-33-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-1-0x0000000000D90000-0x0000000000E72000-memory.dmp

    Filesize

    904KB

    Download

  • memory/1872-2-0x0000000000401000-0x0000000000482000-memory.dmp

    Filesize

    516KB

    Download

  • memory/1872-35-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-41-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-38-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-39-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-40-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-37-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-42-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-43-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-44-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-36-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-46-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-47-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/1872-48-0x0000000000400000-0x0000000000D83000-memory.dmp

    Filesize

    9.5MB

    Download