Analysis

  • max time kernel
    140s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08-09-2024 11:12

General

  • Target

    d439c5ee84719dab3c6d9dd2ed0fbf87_JaffaCakes118.exe

  • Size

    141KB

  • MD5

    d439c5ee84719dab3c6d9dd2ed0fbf87

  • SHA1

    7e2efb25c2cff3d571852ae2387f69111eb3a4be

  • SHA256

    ef0f4381dec9bcd2151456ea30f3aa92dd981919326b3ae2c6874bc06580cb65

  • SHA512

    938d2e265c9f3bb43802f6a609ed1bd335bb2c08174eac46bd4e669b1f24d1bebf4b10f6a35d0cd077a4228434218af058502b2f3b66cc1b1363c7e4af10ea2b

  • SSDEEP

    3072:iHGFw1IOjHVDwb2RUPjSm+TMdOfM/QA9GLsqfyc7G/BlYb:imF9s1kJ+K7/QmGLstcoB4

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d439c5ee84719dab3c6d9dd2ed0fbf87_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d439c5ee84719dab3c6d9dd2ed0fbf87_JaffaCakes118.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3200

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\MSSTDFMT.DLL

    Filesize

    53KB

    MD5

    8315a1ad1052bf9449b156a0f11e1e2d

    SHA1

    61bb3b835cce1c13a877f98091067989538a28a7

    SHA256

    d6ca90635e92a9a61458e364a31da23ff70465ac6ff8f98ab5afbbfcd97f0533

    SHA512

    2e4bcfb2b8d1c89e3273384f55845779cd642c6c1be1db887c3eabe5cbf0abfccc9b472f084e748c08878454863bebc629c7704b7713ba0e87a23328b0d7ccf7

  • C:\Windows\SysWOW64\MSWINSCK.OCX

    Filesize

    96KB

    MD5

    15e15dad71e318db3cadbf3d86832ee7

    SHA1

    39571c1c320e14b81904194af65df1dc65a2ede7

    SHA256

    a52c6f44e987fa668d5f5e053223b357e60af58315854ac06465f804222149ab

    SHA512

    dcc58ad21ab8ee7a5afd642f119aa1088625a496bdb1b76ae20206b5c25e7921fd3446f841ee6df5cb5a7028a68b8d000b74fc295cf58ba6a26d20cb7a72eb38

  • memory/3200-2-0x0000000024DD0000-0x0000000024DF3000-memory.dmp

    Filesize

    140KB

  • memory/3200-9-0x0000000022170000-0x000000002218F000-memory.dmp

    Filesize

    124KB

  • memory/3200-16-0x0000000024DD0000-0x0000000024DF3000-memory.dmp

    Filesize

    140KB

  • memory/3200-18-0x0000000022170000-0x000000002218F000-memory.dmp

    Filesize

    124KB