Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    19-09-2024 05:07

General

  • Target

    eaa40a7858c57f7a425913f149abb3d9_JaffaCakes118.exe

  • Size

    28KB

  • MD5

    eaa40a7858c57f7a425913f149abb3d9

  • SHA1

    9252f4015428e5d73fc8ce89b704f8e9afdf8686

  • SHA256

    2dd88c99fdb269ac0c7a7c03cc15ca32086b9f6dd7ac4853d789c67325047831

  • SHA512

    f4da0a0d16dce79ad6d7bdbbb10447203f46b8114fa352d67727b87b01b178b5aad3f3d196990f52b235ce074f2ae5196b04e4d015145a914f3c7238856b6734

  • SSDEEP

    768:lutAzyUyeO9+5nhOPFsYX4vUVCKgCsB6agm:lJmehOdsYX4+RKB

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1236
      • C:\Users\Admin\AppData\Local\Temp\eaa40a7858c57f7a425913f149abb3d9_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\eaa40a7858c57f7a425913f149abb3d9_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2116

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • \Windows\SysWOW64\mppds.dll

      Filesize

      19KB

      MD5

      51c156e87acade1d657e60354ffebe11

      SHA1

      a321bf9ec54e4ed3234db756723fd757dbbd363e

      SHA256

      38377dbc86ef413e6adf0be46fe528be507c03454d5e369c34d7afd1668876f1

      SHA512

      75ea37560f5e4cb696994501126a0864a7bc7c320871fd75d0c8248306684ac7af5ec25c41e4bd55d1e31634ccdcae4e1972a859ee79c817590c9d0019e54b32

    • memory/1236-2-0x00000000024C0000-0x00000000024C1000-memory.dmp

      Filesize

      4KB

    • memory/2116-8-0x0000000010000000-0x0000000010009000-memory.dmp

      Filesize

      36KB
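The report gives a file-hash table and memory-dump names that encode the dumped address range, which is enough to build a small, offline triage check. The script below is an added example, not part of the sandbox report or its tooling: it transcribes the hashes and dump entries from the sections above into constants, parses each `memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp` name back into a PID and virtual address range, confirms that the range length agrees with the size the report prints (4 KB and 36 KB), and compares a candidate file's MD5/SHA1/SHA256 against the sample and the dropped `mppds.dll`. The `hash_file`/`match_report` helpers and the `DumpRegion` type are this example's own names.

```python
import hashlib
import re
from dataclasses import dataclass

# Hashes transcribed from the report's "General" and "Downloads" sections.
REPORT_HASHES = {
    "eaa40a7858c57f7a425913f149abb3d9_JaffaCakes118.exe": {
        "md5": "eaa40a7858c57f7a425913f149abb3d9",
        "sha1": "9252f4015428e5d73fc8ce89b704f8e9afdf8686",
        "sha256": "2dd88c99fdb269ac0c7a7c03cc15ca32086b9f6dd7ac4853d789c67325047831",
    },
    r"\Windows\SysWOW64\mppds.dll": {
        "md5": "51c156e87acade1d657e60354ffebe11",
        "sha1": "a321bf9ec54e4ed3234db756723fd757dbbd363e",
        "sha256": "38377dbc86ef413e6adf0be46fe528be507c03454d5e369c34d7afd1668876f1",
    },
}

# Memory dumps listed under "Downloads": dump name -> size the report prints, in KB.
REPORT_DUMPS = {
    "memory/1236-2-0x00000000024C0000-0x00000000024C1000-memory.dmp": 4,
    "memory/2116-8-0x0000000010000000-0x0000000010009000-memory.dmp": 36,
}

# Dump names follow "memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp".
DUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> DumpRegion:
    """Recover PID and virtual address range from a sandbox dump file name."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a sandbox memory dump name: {name}")
    pid, index, start, end = m.groups()
    region = DumpRegion(int(pid), int(index), int(start, 16), int(end, 16))
    if region.size <= 0:
        raise ValueError(f"empty or inverted region in {name}")
    return region


def check_dump_sizes(dumps=REPORT_DUMPS):
    """Map each dump name to (size in KB derived from its address range,
    whether that agrees with the size the report prints)."""
    result = {}
    for name, reported_kb in dumps.items():
        region = parse_dump_name(name)
        result[name] = (region.size // 1024, region.size == reported_kb * 1024)
    return result


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of an in-memory buffer (e.g. a carved dump region)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so large files are fine."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests: dict, table=REPORT_HASHES):
    """Return the report artefact whose hashes all equal `digests`, else None.
    Every listed digest must agree; a lone MD5 hit is not trusted here."""
    for name, want in table.items():
        if all(digests.get(algo) == value for algo, value in want.items()):
            return name
    return None


if __name__ == "__main__":
    for name, (kb, ok) in check_dump_sizes().items():
        print(f"{'OK ' if ok else 'BAD'} {kb:>3} KB  {name}")
    # Constructed buffer, not the sample: expected to match nothing.
    print("constructed buffer matches:", match_report(hash_bytes(b"not the sample")))
```

Both dump sizes check out against their address ranges. The PID 2116 region starts at 0x10000000, the default preferred image base most toolchains assign to a DLL, so it is the first place to look for the in-memory copy of `mppds.dll` when the 19 KB file on disk is compared with the 36 KB mapping (sections expanding to page-aligned sizes is normal for a PE); the 4 KB region in PID 1236 (Explorer.EXE) is the natural target for the WriteProcessMemory signature above. Neither attribution is stated by the report itself; confirm it by hashing the carved region with `hash_bytes` or by inspecting the dump.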