Overview

overview

7

Static

static

3

eab9324b2d...18.exe

windows7-x64

7

eab9324b2d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 06:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eab9324b2da207d67b07a266d78d1c1f_JaffaCakes118.exe

  • Size

    661KB

  • MD5

    eab9324b2da207d67b07a266d78d1c1f

  • SHA1

    9a0bac16eef519363e294185c1f218f5c2897d18

  • SHA256

    3b10a594c75f169a89ac0c61f6012acc43036fc13a073006ddbad0e122f0bd77

  • SHA512

    07c182101bef3d4c85676c2174041f7ecd087281a247828da40da978abafb18dbbef4f88bebabff2eb11f2847190f60560afd6564fa8534f24c0e00433806092

  • SSDEEP

    12288:I0VNfOrKDPWp0bPsYy4+4zF8AzN+QNvjF3Z4mxx4SJiV6Kn3jL:IzV6XyeZNR5QmXLiQKX

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eab9324b2da207d67b07a266d78d1c1f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eab9324b2da207d67b07a266d78d1c1f_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2148
  • C:\Program Files\Online Services\winlogon.bat
    "C:\Program Files\Online Services\winlogon.bat"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Online Services\IRDUTD.DAT
    Filesize

    51KB

    MD5

    7133d3f50200d4d92183849c6bf6d90b

    SHA1

    e7dac7471b67edf5de9e7f5d14c968f451223903

    SHA256

    68c2e172b7f27b2fed4830ae66af900ca11000467f1c485c12dd3a3b4e19acc5

    SHA512

    097abeaadf47f389f1cba1263f4e6eeb8d716a22051d1f62bd8d34046498ee91ab0bc0b4004312171e2754957f940c4372462a472ea149ea27e1e3bc82a8307f

    Download Submit

  • C:\Program Files\Online Services\winlogon.bat
    Filesize

    661KB

    MD5

    eab9324b2da207d67b07a266d78d1c1f

    SHA1

    9a0bac16eef519363e294185c1f218f5c2897d18

    SHA256

    3b10a594c75f169a89ac0c61f6012acc43036fc13a073006ddbad0e122f0bd77

    SHA512

    07c182101bef3d4c85676c2174041f7ecd087281a247828da40da978abafb18dbbef4f88bebabff2eb11f2847190f60560afd6564fa8534f24c0e00433806092

    Download Submit

  • memory/2080-48-0x0000000000400000-0x000000000052B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2080-38-0x0000000000400000-0x000000000052B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2080-39-0x00000000040D0000-0x00000000040E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2080-37-0x00000000002C0000-0x0000000000314000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2080-36-0x0000000000400000-0x000000000052B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2080-35-0x00000000040D0000-0x00000000040E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2080-30-0x00000000002C0000-0x0000000000314000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2080-29-0x0000000000400000-0x000000000052B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2148-23-0x0000000000580000-0x0000000000581000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-18-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-5-0x00000000005A0000-0x00000000005A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-4-0x0000000000650000-0x0000000000651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-3-0x00000000005C0000-0x00000000005C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-2-0x0000000000620000-0x0000000000621000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-1-0x00000000002D0000-0x0000000000324000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2148-0-0x0000000000400000-0x000000000052B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2148-7-0x0000000000640000-0x0000000000641000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-22-0x00000000032B0000-0x00000000032B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-21-0x00000000032C0000-0x00000000032C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-20-0x00000000032D0000-0x00000000032D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-19-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-6-0x0000000000590000-0x0000000000591000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-8-0x0000000000630000-0x0000000000631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-9-0x00000000005B0000-0x00000000005B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-28-0x0000000000400000-0x000000000052B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2148-31-0x00000000002D0000-0x0000000000324000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2148-10-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-11-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-12-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-13-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-14-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-15-0x0000000003290000-0x0000000003293000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2148-16-0x0000000003390000-0x0000000003391000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2148-17-0x0000000000660000-0x0000000000661000-memory.dmp

    Filesize

    4KB

    Download