Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2024, 03:39

General

  • Target

    ea840b610aa1636621be214c6502d3a0_JaffaCakes118.exe

  • Size

    192KB

  • MD5

    ea840b610aa1636621be214c6502d3a0

  • SHA1

    106e244a768c44f29c336d9390b2c2c55e8f9c9b

  • SHA256

    b035879968ec12f8e53cc472eed90a5e9200c0b08cbc2362eee9867903ade086

  • SHA512

    269a69123bbdeeae26b655f1ae81e22e0e57cb7ef7e8adfd22daf20ae070c5d1e2f5e15a58f8ed512bc73d1a63762ef0350a99aa887dafcc12bcc8b870941fd8

  • SSDEEP

    3072:t2hCMZRDoMZyQmELk/TlkOwyYElrn/gmw4/SeHnkyHTjFaGYO:taP3D1Zy5nZnlrn/bw4/SeHntHTjN

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea840b610aa1636621be214c6502d3a0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ea840b610aa1636621be214c6502d3a0_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c start C:\Windows\Easypic.bmp
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2188
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    PID:2728

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Easypic.bmp

    Filesize

    703KB

    MD5

    ba38e31937cb8a34d2b91f53c308e5e1

    SHA1

    f8a8426a7afc4d73cb74b35b0804e23db053e309

    SHA256

    dbae1c247f764484a4bcbe60010caff85bab2fea4f469dc01da550fa26d3d313

    SHA512

    5d6b57314774a5d74ea3a0a2eec05d57a830a43fc4c19ad8d287f03d96f9f10cd865e17300db451d6711eb471fd9a8476785ad15b030b6533488aba1d84e95de

  • memory/2188-41-0x00000000023B0000-0x00000000023B2000-memory.dmp

    Filesize

    8KB

  • memory/2728-42-0x00000000001A0000-0x00000000001A2000-memory.dmp

    Filesize

    8KB