Overview

overview

7

Static

static

7

df2329662a...18.exe

windows7-x64

7

df2329662a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 00:05 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    df2329662a48172d154ea17ca7da5a99_JaffaCakes118.exe

  • Size

    20KB

  • MD5

    df2329662a48172d154ea17ca7da5a99

  • SHA1

    55bb641c12dbebdaf3b4e23012ca81ca77aac39c

  • SHA256

    18565654a6759f3cf3ef53cd7b50c864050b9a4bd4117e9e3fc1a17a7d9a54d2

  • SHA512

    577f3f8c7e805dd25ac0f5ca099189a19d7a72cdf378c3f49217722e5d828ebd827f2f95148e490c816022d97bc653c9f9b123bb5494d19bd70df0264b318804

  • SSDEEP

    384:Yq44ejyZ+yMz0Dtbap1UxWOBbE/pY0JTNg6sMcI6+Qk4kYSFeDhcAo:YqwjhbUbyUxhNExmHMvNmSkDh1o

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\df2329662a48172d154ea17ca7da5a99_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\df2329662a48172d154ea17ca7da5a99_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Users\Admin\AppData\Local\Temp\df2329662a48172d154ea17ca7da5a99_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\df2329662a48172d154ea17ca7da5a99_JaffaCakes118.exe
      2⤵
        PID:2408

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2408-8-0x0000000000400000-0x0000000000403000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2408-5-0x0000000000400000-0x0000000000403000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2408-3-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2408-1-0x0000000000400000-0x0000000000403000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2692-0-0x0000000010000000-0x000000001000F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2692-7-0x0000000010000000-0x000000001000F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2692-9-0x00000000001B0000-0x00000000001BF000-memory.dmp

      Filesize

      60KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.