Analysis

  • max time kernel
    140s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/09/2024, 14:44

General

  • Target

    dc71c169458f5f2ff80d8a3b4adb7b6f_JaffaCakes118.exe

  • Size

    1.2MB

  • MD5

    dc71c169458f5f2ff80d8a3b4adb7b6f

  • SHA1

    7976367dbb4b79363bdac23ee75031a7ac9b3dc6

  • SHA256

    7fea76f5b36fb10983e680e49752086bf58ef0f63c6475e9ba86ffed3e9bbc7a

  • SHA512

    893b07e8dd71989531a1a4690990a83b6440fe525243e852be0f061279e814cb4738f6d3210ddee79dfd1557a962a5a0d89f57861ac88ee15c9036c259c4dd57

  • SSDEEP

    24576:tgZdkskjhAh1wYcZjbllBVAvUo2LIQVwtCyMrXp0lTSBvZimrH/e+dQgHYSk:hvWhWYijblhc2Z+tCjrpQOjx/ksnk

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc71c169458f5f2ff80d8a3b4adb7b6f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dc71c169458f5f2ff80d8a3b4adb7b6f_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3648
    • C:\Users\Admin\AppData\Local\Temp\is-1D4MG.tmp\dc71c169458f5f2ff80d8a3b4adb7b6f_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1D4MG.tmp\dc71c169458f5f2ff80d8a3b4adb7b6f_JaffaCakes118.tmp" /SL5="$70048,1026209,51712,C:\Users\Admin\AppData\Local\Temp\dc71c169458f5f2ff80d8a3b4adb7b6f_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:824

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-1D4MG.tmp\dc71c169458f5f2ff80d8a3b4adb7b6f_JaffaCakes118.tmp

    Filesize

    706KB

    MD5

    1a6c2b578c69b9388e22d38afa16a7fb

    SHA1

    186370d5438b1f5f3d75891aa8412e8edd00981c

    SHA256

    86ac18632bfdca026df9fe12a1d4df2de64bbdc1d2d7e42d2dcbf7809cbbebb3

    SHA512

    fb868c629cd0255b7620c9260bb5712b6622f53f0b7de3d6125c295e02d16f03584ce3a90eccb02b65ce9825885aa1bca5f68c7cc09dc0c09e7c208fcef54714

  • C:\Users\Admin\AppData\Local\Temp\is-D851G.tmp\apxInst.dll

    Filesize

    416KB

    MD5

    3da70b7faed7e35220fdbfaf74076c46

    SHA1

    7d1e90b78bd5d3fbf4a59d755fc22f94a7c71b93

    SHA256

    feeccafdcb61df45ce22de5c9a6501b2e02da27614957d2a71909f19af820adb

    SHA512

    f2eca7d1f32b009f8c0036e054a6a7a38cf04349b27566a1adfb9d2ce948ae06619cd8e6573abf238d88f62e44f08bb14b3c077424c6dfd967666a8fbcfadbc0

  • memory/824-10-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

  • memory/824-18-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

  • memory/3648-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/3648-2-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

  • memory/3648-17-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB