Analysis

  • max time kernel
    94s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/09/2024, 18:01

General

  • Target

    dcc32ae4646bdd02772088471463d1b1_JaffaCakes118.exe

  • Size

    76KB

  • MD5

    dcc32ae4646bdd02772088471463d1b1

  • SHA1

    5ae2e320de049ad72070c86d047301eefa4057a0

  • SHA256

    902253b0112aad1b588e64be0e10e1f964f0e10b646e320bc79f97310db493f8

  • SHA512

    9a3ff15cdae6e3741800021874ee4a2d3c09a17a4044b8b9297317b1e8bac3819e8531114b7319ad6db8148baa0262ffbe87ffe79a645e0a0a57fef176db7d63

  • SSDEEP

    768:F62Q4I8oPbrdTRL68tB9OJJl+2n9HWt8f9ntXtRtyHdpSeG3H4UJQ9Wwcs3:Sfdzt7SA294WtRtyHXO3H4UY93

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcc32ae4646bdd02772088471463d1b1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dcc32ae4646bdd02772088471463d1b1_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    PID:1936
  • C:\Windows\SysWOW64\cusoqc.exe
    C:\Windows\SysWOW64\cusoqc.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:548

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\cusoqc.exe

    Filesize

    76KB

    MD5

    dcc32ae4646bdd02772088471463d1b1

    SHA1

    5ae2e320de049ad72070c86d047301eefa4057a0

    SHA256

    902253b0112aad1b588e64be0e10e1f964f0e10b646e320bc79f97310db493f8

    SHA512

    9a3ff15cdae6e3741800021874ee4a2d3c09a17a4044b8b9297317b1e8bac3819e8531114b7319ad6db8148baa0262ffbe87ffe79a645e0a0a57fef176db7d63

  • C:\Windows\SysWOW64\hra33.dll

    Filesize

    13KB

    MD5

    fc6c2459c244b9353736fec9b8e5b279

    SHA1

    73ecc362b309325348d29cb5431cf76a670caf24

    SHA256

    be897809a13ab51eb98bb3a1d024809022f286c8d00c404460c4ec55c892626d

    SHA512

    11c1c15d84beac48c9ee16e6fc0e95a4d42aeee3d2c1bf51373cc314416ea7e85eb9550c90962172a126687868a67263c3e2b4e587f5a42c1ef7c87d5f288365