Overview

overview

7

Static

static

3

d27edfefdf...18.exe

windows7-x64

7

d27edfefdf...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-09-2024 17:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d27edfefdfb01a6244e4cab4c633183d_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    d27edfefdfb01a6244e4cab4c633183d

  • SHA1

    7cf96540cf4033429f19a8c5ada3c357a5959459

  • SHA256

    461f67d22c25b4169077a4deda107be0408429e1dfa95146f0e025ded9c7f654

  • SHA512

    eaed04fa5d212cd9a3469ebde13be45a167214cc94294be984fc835b356d45a824391d4d097ce9ed5ac5ebc8488e8f1a27d799dacf2a8f95c289c4d00558caab

  • SSDEEP

    24576:fa109AGa8VAy0V8NGp7eeZWIUNdu89GaxZ:GNGa8+hVT75W7du2Gaj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d27edfefdfb01a6244e4cab4c633183d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d27edfefdfb01a6244e4cab4c633183d_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4208
    • C:\Windows\svchost.exe
      "C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\d27edfefdfb01a6244e4cab4c633183d_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4752
      • C:\Users\Admin\AppData\Local\Temp\d27edfefdfb01a6244e4cab4c633183d_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\d27edfefdfb01a6244e4cab4c633183d_JaffaCakes118.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:4292
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:1240

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GLC7CC1.tmp
    Filesize

    156KB

    MD5

    625214a1c57538359244dab9fac4636f

    SHA1

    4f41779fb53c71c38161cfe60bf2d91b42033678

    SHA256

    810bba54c92479bb47574bc214911bf310f0e98800bc33cdeff35a5e13c82ac9

    SHA512

    d166443eead29f623f3e0e558c5a9c560e0d55d4602fa5f78f80bc1147f5533b54da9b481504828871954c5c96a69015cfdbe50beb791e6e1e1d0c26b52752b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\GLK7CF1.tmp
    Filesize

    37KB

    MD5

    7d179e580725090268424a536d021e9c

    SHA1

    7ca5f3d4b32c7cce1668f25ea3b726d8c7df15e8

    SHA256

    9a06ea098987dad25f1a255d8881a20ade5177c037b656a5c4aa8b51424d283b

    SHA512

    8584fb44b529f76b8bad44eef6e616bf47916290cec929251c33c822c7f7d267b5469874cf152516d2a44b3fcb3f021e1b0b853cbe7038bb7a5ec02d599eefd5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\d27edfefdfb01a6244e4cab4c633183d_JaffaCakes118.exe
    Filesize

    1.1MB

    MD5

    2d362b8915a85c8043ba4645eb51bf44

    SHA1

    6ee124d40606376685488a8142ddd5fa3b116b5b

    SHA256

    8bdee56694392e9edc2be37dade14d15086f80956b46f9c4391b1d0d711bf4ef

    SHA512

    e805569ea82c86d401ee0845a74b970228ae00b1927234e89ec0dff63cb13fddcb94ebc446219708d8c1940b84825f21a23caf925c09ef9a6070341da350a6dc

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    35KB

    MD5

    9e3c13b6556d5636b745d3e466d47467

    SHA1

    2ac1c19e268c49bc508f83fe3d20f495deb3e538

    SHA256

    20af03add533a6870d524a7c4753b42bfceb56cddd46016c051e23581ba743f8

    SHA512

    5a07ba8a7fcb15f64b129fada2621252b8bc37eb34d4f614c075c064f8ac0d367301eba0c32c5e28b8aa633f6ab604f0dfcc363b34734ce0207ef0d4e8817c4b

    Download Submit

  • memory/1240-25-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1240-28-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1240-35-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/4208-3-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/4292-22-0x0000000004140000-0x0000000004155000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4292-33-0x0000000004140000-0x0000000004155000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4752-11-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download