Analysis

  • max time kernel
    132s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-09-2024 06:56

General

  • Target

    eacd4dde0ecb904e8148c6cee94e2d73_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    eacd4dde0ecb904e8148c6cee94e2d73

  • SHA1

    e9c06a29a67d51729a297f7ab88431c50bf2f142

  • SHA256

    17c861a69153317378cc0da4bad64ea495eac616b50c6f58ff3b8f98865ab36c

  • SHA512

    fad91aa1d8c6d3a916abc893e751bfe2fccea02588cdd5ca8bd2e7e1af3a0fbe615e533493b02b81d8d3feaa6e2a1a8d98d5d6ce78ac1bcbb698fffae96a1466

  • SSDEEP

    24576:ChsMuyoya8M0vIMkfaDteQFPO/YtcIuogBmZ5Hj95wcoo1F8fwbJmA2JG9pvgd7x:ChsuMn/fUDWA7uov+4H8fwFmAKG9iTVJ

Malware Config

Signatures

  • Loads dropped DLL (5 IoCs)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of SetWindowsHookEx (13 IoCs)
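The two signatures that matter most for detection engineering here are the Run-key persistence and the loading of modules the process itself dropped into %TEMP%\E_N4. The following is an added example (the editor's code, not the sandbox's own signature logic) that replays those two behaviours as rules over Sysmon-style events. The event records are constructed to mirror this report: PID 3944 and the E_N4 paths come from the Processes and Downloads sections, but the registry value name "updater" and the value data are assumptions, because the report lists the Run-key signature without showing the value it wrote. Field names follow Sysmon event IDs 7 (ImageLoad), 11 (FileCreate) and 13 (RegistryEvent SetValue).

```python
"""
Added example, not part of the sandbox report: replay the "Adds Run key" and
"Loads dropped DLL" behaviours as rules over an ordered stream of Sysmon-style
events. All events below are hand-constructed to resemble this report.
"""
import re
from dataclasses import dataclass

# Autostart keys that the sample was observed writing to (per the report).
RUN_KEYS = (
    r"\Software\Microsoft\Windows\CurrentVersion\Run",
    r"\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)
# User-writable staging location this sample dropped and loaded code from.
USER_TEMP = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)


@dataclass
class Finding:
    rule: str
    pid: int
    detail: str


def rule_run_key_to_temp(ev):
    """EventID 13: a Run/RunOnce value whose data points into a user Temp directory."""
    if ev.get("EventID") != 13:
        return None
    target = ev.get("TargetObject", "")
    if not any(k.lower() in target.lower() for k in RUN_KEYS):
        return None
    if USER_TEMP.search(ev.get("Details", "")):
        return Finding("run_key_to_user_temp", ev["ProcessId"], f"{target} -> {ev['Details']}")
    return None


def rule_dropped_module_load(ev, dropped):
    """EventID 7: a module loaded from a path the same process created earlier in the stream."""
    if ev.get("EventID") != 7:
        return None
    img = ev.get("ImageLoaded", "")
    if img.lower() in dropped.get(ev["ProcessId"], set()):
        return Finding("loads_dropped_module", ev["ProcessId"], img)
    return None


def evaluate(events):
    """Run both rules over an ordered event stream and return the findings in order."""
    dropped = {}  # pid -> lowercased file paths that process created (EventID 11)
    findings = []
    for ev in events:
        if ev.get("EventID") == 11:
            dropped.setdefault(ev["ProcessId"], set()).add(ev["TargetFilename"].lower())
            continue
        for f in (rule_run_key_to_temp(ev), rule_dropped_module_load(ev, dropped)):
            if f:
                findings.append(f)
    return findings


# Constructed events modelled on this report. PID 3944 and the E_N4 paths are
# from the report; the Run value name "updater" and its data are assumed.
SAMPLE_EVENTS = [
    {"EventID": 11, "ProcessId": 3944,
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr"},
    {"EventID": 11, "ProcessId": 3944,
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\E_N4\eAPI.fne"},
    {"EventID": 7, "ProcessId": 3944,
     "ImageLoaded": r"C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr"},
    {"EventID": 7, "ProcessId": 3944,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 13, "ProcessId": 3944,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\Admin\AppData\Local\Temp\eacd4dde0ecb904e8148c6cee94e2d73_JaffaCakes118.exe"},
    # Benign control: a Run value pointing at Program Files must not fire.
    {"EventID": 13, "ProcessId": 1200,
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"},
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"[{f.rule}] pid={f.pid} {f.detail}")
```

Ordering matters: the dropped-module rule only fires when the FileCreate precedes the ImageLoad in the same process, which is exactly the drop-then-load sequence the "Loads dropped DLL" signature describes, and a module that was already on disk before the process started does not count.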

Processes

  • C:\Users\Admin\AppData\Local\Temp\eacd4dde0ecb904e8148c6cee94e2d73_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eacd4dde0ecb904e8148c6cee94e2d73_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3944

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E_N4\eAPI.fne

    Filesize

    312KB

    MD5

    936745bac5c873ab1a91478d27894626

    SHA1

    9ed92393f95692339ce03a8f1498f80c727e0555

    SHA256

    edfbe514d330e942ecd50dd7331659d59df27668e762d5a00e43df67f5f08630

    SHA512

    32d15337ab7a62ff25802c04bd782f5be36012f1a5251d962226a8e8e2daa7bc0a35b9cbfb67889d3b9dbc5f6cc51f924bae963ae12619249b22f2cc9aa2bbd4

  • C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

    Filesize

    1.1MB

    MD5

    cf46bb62a1ba559ceb0fad7a5d642f28

    SHA1

    80b63dd193e84bfacbe535587dd38471b8ea2c24

    SHA256

    fe4bba1a99b332c8bbd196d3a2f3c78d9edc8f212842ff2efef17eba38427f67

    SHA512

    1f71f31fdc1ef7695d7a6e79218a9192804178bb2af80486de4f8ff3d7e176860813a61fa265bf78fe4ff722a85b72798938d715d8a2a034ac759505197a1058

  • C:\Users\Admin\AppData\Local\Temp\E_N4\twain.fne

    Filesize

    168KB

    MD5

    6754fe731fd62f8d79cdab920c1f75ae

    SHA1

    35b6debfb15a730893d511a2b5d955d8ed536e84

    SHA256

    b070b2c12ff72a9fde5a73753955ee546073be43e7ce748a69e250eb481dcf1a

    SHA512

    8778ca27181f9815bb188f1116db2af788b3b20b284c1404b618749ea47ca1a6d4aa6e1d76538f17005433738220d4014b6decab97891b370ee262cda1c6b400

  • memory/3944-0-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

  • memory/3944-15-0x0000000002080000-0x00000000020AD000-memory.dmp

    Filesize

    180KB

  • memory/3944-22-0x00000000027E0000-0x000000000283D000-memory.dmp

    Filesize

    372KB

  • memory/3944-26-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB
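The three dropped files are the actionable host IoCs in this report. The names krnln.fnr, eAPI.fne and twain.fne under a %TEMP%\E_N4 directory are the runtime support libraries that the Easy Programming Language (EPL, "易语言") toolchain unpacks at start-up; the report does not state this, so it is the editor's observation, offered because it helps classify the parent executable rather than the support libraries themselves. The following is an added example (the editor's code, not the sandbox's tooling) that hashes recovered files and matches them against the digests transcribed from the Downloads section, requiring every listed digest to agree before reporting a match so that a transcription error or a weak-hash collision surfaces as a conflict instead of a false positive. The listed sizes are rounded to the kilobyte, so they are deliberately not used as a match criterion.

```python
"""
Added example, not part of the sandbox report: match recovered files against
the dropped-file IoCs above using all four digests the report lists.
"""
import hashlib
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests transcribed from the Downloads section of this report.
DROPPED_IOCS = {
    "E_N4/eAPI.fne": {
        "md5": "936745bac5c873ab1a91478d27894626",
        "sha1": "9ed92393f95692339ce03a8f1498f80c727e0555",
        "sha256": "edfbe514d330e942ecd50dd7331659d59df27668e762d5a00e43df67f5f08630",
        "sha512": "32d15337ab7a62ff25802c04bd782f5be36012f1a5251d962226a8e8e2daa7bc"
                  "0a35b9cbfb67889d3b9dbc5f6cc51f924bae963ae12619249b22f2cc9aa2bbd4",
    },
    "E_N4/krnln.fnr": {
        "md5": "cf46bb62a1ba559ceb0fad7a5d642f28",
        "sha1": "80b63dd193e84bfacbe535587dd38471b8ea2c24",
        "sha256": "fe4bba1a99b332c8bbd196d3a2f3c78d9edc8f212842ff2efef17eba38427f67",
        "sha512": "1f71f31fdc1ef7695d7a6e79218a9192804178bb2af80486de4f8ff3d7e17686"
                  "0813a61fa265bf78fe4ff722a85b72798938d715d8a2a034ac759505197a1058",
    },
    "E_N4/twain.fne": {
        "md5": "6754fe731fd62f8d79cdab920c1f75ae",
        "sha1": "35b6debfb15a730893d511a2b5d955d8ed536e84",
        "sha256": "b070b2c12ff72a9fde5a73753955ee546073be43e7ce748a69e250eb481dcf1a",
        "sha512": "8778ca27181f9815bb188f1116db2af788b3b20b284c1404b618749ea47ca1a6"
                  "d4aa6e1d76538f17005433738220d4014b6decab97891b370ee262cda1c6b400",
    },
}


def digest_bytes(data: bytes) -> dict:
    """All four digests of an in-memory buffer, as lowercase hex."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digest_file(path, chunk=1 << 20) -> dict:
    """Same digests for a file, computed in one chunked pass so large dumps need not fit in memory."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def match_ioc(digests: dict, iocs: dict = DROPPED_IOCS):
    """
    Return (name, "match") when every digest listed for an IoC agrees,
    (name, "conflict") when only some agree (transcription error or a
    colliding weak hash), and (None, "none") when nothing matches.
    """
    for name, expected in iocs.items():
        listed = [a for a in ALGOS if a in expected]
        agree = [a for a in listed if digests[a] == expected[a].lower()]
        if agree and len(agree) == len(listed):
            return name, "match"
        if agree:
            return name, "conflict"
    return None, "none"


def scan_directory(root, iocs: dict = DROPPED_IOCS):
    """Walk a directory of recovered files and yield (path, ioc_name, status) for each hit."""
    for p in Path(root).rglob("*"):
        if p.is_file():
            name, status = match_ioc(digest_file(p), iocs)
            if status != "none":
                yield str(p), name, status


if __name__ == "__main__":
    import sys
    for hit in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*hit)
```

Run it against a directory of files carved from a host or pulled from the sandbox's download bundle; a "conflict" result means the report's transcription and the file on disk disagree on at least one digest and warrants a manual look rather than an automatic verdict.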