Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2024, 02:57

General

  • Target

    ea758f2a8637ef1ccfe2161a93b7c5f5_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    ea758f2a8637ef1ccfe2161a93b7c5f5

  • SHA1

    d87eea09ecb2229d8ce67768a43e308a5cc68720

  • SHA256

    96cecc0ff78fce80862a51e84861a6b07426f79deced37df85e7569bde8a38e8

  • SHA512

    065d4b0ea0b289a5c3d64bf6c3b92af5cc160608caffb2c8c949f5451246d6edee4d1f22ca4ed0fb66bfd4defa3fa1426ff46f2b8a00f6a7026b95f2b8540f9d

  • SSDEEP

    24576:sB4BblWzyptJKO/sEYYHnitT58tlLCQzoOkhV8iaM:sB+bohTnuo

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea758f2a8637ef1ccfe2161a93b7c5f5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ea758f2a8637ef1ccfe2161a93b7c5f5_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Windows\winamp.exe
      "C:\Windows\winamp.exe"
      2⤵
      • Executes dropped EXE
      PID:1960
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\winapi.vbs"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1120

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\winamp.exe

    Filesize

    1.3MB

    MD5

    c3c9c7e803c22f09379d145f4076b1e8

    SHA1

    325783f39761f177a1c9aa6edebd4bbd78470cbd

    SHA256

    36bf0e8b461f0d0bd4d73ae54ec4f65167d00bdd1efb87a2108671ffb1e87de4

    SHA512

    85f89d239c09f85023d279969d05d0bf7d6a65b64089982abae1564f82083a291519895836a608a01121fda37afacce484c87520914d994904b58a19cb248b0d

  • C:\Windows\winapi.vbs

    Filesize

    296B

    MD5

    36dcaa06d006504409f60d8172061616

    SHA1

    b3cae7b48c91381728dd1aa2cbe8beaafbe26c11

    SHA256

    8aed60a2c7f754f2f72db32e077cb4bf2f2e4d6b6acaa164e786494c81c01c8c

    SHA512

    0fe2fc70e175843e493902832032fab0997adcbe9ca2979e97112bbf35cdd97d8dbc9a2547f2e7b7f22fac9599128fe8248624d32649c8ac68d1c8559d48907a

  • memory/2612-10-0x0000000000400000-0x0000000000548000-memory.dmp

    Filesize

    1.3MB