Overview

overview

7

Static

static

3

eac7708ade...18.exe

windows7-x64

7

eac7708ade...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 06:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eac7708ade63c4134f5a485256efa4be_JaffaCakes118.exe

  • Size

    55KB

  • MD5

    eac7708ade63c4134f5a485256efa4be

  • SHA1

    5fb8aaf18c2ad459e73022cdb8d32ba15d964aba

  • SHA256

    400ac1638afa04623eb1c9348938457d69288d51ee9cd2e85d8ff35d6b50844b

  • SHA512

    19e1e312711c3f6854637fcc99b790416f93d444338bd16b4340aa4054f844e2774443fa55eb2e2db13f44ae2983ee97998dcf0e33208265577e0f0755b3ef19

  • SSDEEP

    1536:nwT3m7s5Wrkuz6rRmlu4gk7IjXqJbvzNQ1m3xI:nwTAs5WQuyk7iXwLN62I

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Print Processors 1 TTPs 1 IoCs

    Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\eac7708ade63c4134f5a485256efa4be_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eac7708ade63c4134f5a485256efa4be_JaffaCakes118.exe"
    1⤵
    • Boot or Logon Autostart Execution: Print Processors
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    PID:784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\System32\spool\prtprocs\x64\xyWS1e9a.dll
    Filesize

    9KB

    MD5

    3022a4133a3aeb63469d0d6622166f62

    SHA1

    9f6ce857c7cc3ce056ef535d0ef0955e43722c86

    SHA256

    b91c677e48439538bae66abd5f059aa035cc4bf6dd1f6692f1c1c9d353511f2d

    SHA512

    4a61883c279d3d57f09d81a87c9c5ceff8a3690ac00be3e761c4da73d06df5564f6e50a1783cac2888d67c34fd97c80414c8512c38978a36ab8e59286d47748e

    Download Submit

  • memory/784-1-0x0000000076F30000-0x0000000076F31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/784-0-0x00000000005A0000-0x00000000005A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/784-5-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download