Overview

overview

7

Static

static

3

eac18046b6...18.exe

windows7-x64

7

eac18046b6...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2024 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eac18046b69e1d180980bb0f8413caf9_JaffaCakes118.exe

  • Size

    2.0MB

  • MD5

    eac18046b69e1d180980bb0f8413caf9

  • SHA1

    2f3c75218f0d35ae8ef335d1801cbd17467ad54f

  • SHA256

    6dc684edc7b8de622ad7785e4364bfbaae256a7004f7518888b15adeef9f941b

  • SHA512

    e90f1e542db7cf06f7e22ce150172fa847708df12c2a00c7911a8c34a55fbeb359cf7e0fa41059c08524700e9531af60da59c215b874222a6337bc7e5211a27c

  • SSDEEP

    49152:4hz9Ts4Yi7lnezoCaQheI9P0oXYKgm1e6:4pei78kC/rIKX1V

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 11 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eac18046b69e1d180980bb0f8413caf9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eac18046b69e1d180980bb0f8413caf9_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E_N30005\EThread.fne
    Filesize

    60KB

    MD5

    206396257b97bd275a90ce6c2c0c37fd

    SHA1

    3cae4506a033cf7e97156d5261f2a247c6270f42

    SHA256

    64eef86745d7ae0168fec357099e2e952ce74ee19576d06cc8c8c65f210cc22c

    SHA512

    4c23e52b5b23b305c3172e01dd205e15fda8f20f8b60776ba59d080bf05bbbca456a0ed232f2e2a2bf01d32efb913063f89fb4928bc4d5d1c1eb4c4979803455

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N30005\eAPI.fne
    Filesize

    308KB

    MD5

    7c1ff88991f5eafab82b1beaefc33a42

    SHA1

    5ea338434c4c070aaf4e4e3952b4b08b551267bc

    SHA256

    53483523c316ad8c022c2b07a5cabfff3339bc5cb5e4ac24c3260eea4f4d9731

    SHA512

    310c90c82b545160420375c940b4d6176400e977f74048bfe2e0d0784bc167b361dc7aac149b8379f6e24050a253f321a6606295414ea9b68a563d59d0d17a48

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N30005\eCompress.fne
    Filesize

    176KB

    MD5

    a593d30e9a7ce91ae4c6e896ba2e7631

    SHA1

    dc01ee29fac3e5e965f90461f6be96c76bd22e6c

    SHA256

    36c8a8ebf097a2ed545a5915b6e01d82cdfa21a674642f16c04a74d3d44c63f4

    SHA512

    29882297ebff180d6b2f0b62a9ddfa8f26b514b71fcfb009bcd1de8cfd5fcb621b083be47cf1bcd66d6040291ee19751950ef58635477a195bfe413de8be8d52

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N30005\exui.fne
    Filesize

    2.9MB

    MD5

    a744c0621961f836bade07b2e807f4db

    SHA1

    5d42bb3aece4818276f2d865791074abee4272de

    SHA256

    8c5fee018366e59f52bd160cfecf2a57c0e2d22f21018167ff378fffa418bc3f

    SHA512

    5c4d152ab5bf86372a17f9a652ec222f929f5b44d68b1fb1dbf4be1faf2d72d6648f589b8c5cbdae93de2445e4afb9bd1cc24edc707cd0bca835a4d649e498fe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N30005\krnln.fnr
    Filesize

    1.2MB

    MD5

    81c22cc42c6bcda834ecbc5eadaa35fd

    SHA1

    18d75f87b15497e786e34656721057a66bf3e834

    SHA256

    3e6241fc94443e8e2c6b2ec2298be385786079f0c8c3503c72b827796233e585

    SHA512

    4fe7dd4713fad03ac6583bc12c188b529334b596ac9eb61dccf5c8cdcbbefc758fb119cf730f1eb1fccd23c6a251ec0c1714d074434b75c23fcd828610df373a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N30005\shell.fne
    Filesize

    60KB

    MD5

    98174c8c2995000efbda01e1b86a1d4d

    SHA1

    7e71a5a029a203e4ab0afc68eee18c39f4ab4097

    SHA256

    90284c2ead0598faa715cc90c1f53b83b916099c918ce7f816f0b4550ff55ac6

    SHA512

    a37059062a99cd2a9fae15850b49068752ccf0be9f1d86c3f812a689b7c4d024771ec2b66adf9ce950bc5b8b117d457aba87d586cf112a1a30239531bfc8cd06

    Download Submit

  • memory/4196-15-0x00000000025B0000-0x00000000028A4000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4196-29-0x00000000044F0000-0x000000000454D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/4196-36-0x0000000004770000-0x000000000478C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4196-22-0x00000000042A0000-0x00000000042DB000-memory.dmp

    Filesize

    236KB

    Download

  • memory/4196-39-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download

  • memory/4196-43-0x0000000005640000-0x0000000005655000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4196-0-0x0000000000400000-0x0000000000445000-memory.dmp

    Filesize

    276KB

    Download