Overview

overview

10

Static

static

3

eebeaee66a...18.exe

windows7-x64

10

eebeaee66a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21-09-2024 00:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eebeaee66abe3c5cca60f77526907728_JaffaCakes118.exe

  • Size

    196KB

  • MD5

    eebeaee66abe3c5cca60f77526907728

  • SHA1

    c772914d3ce1babb4b8da007fe8800a87ff7b5eb

  • SHA256

    7c3881f125cc849f8dc14f0245782273e7d6953e729c43058065cffddac9a387

  • SHA512

    0857e83c9f1316be5e902585a7ece22a151e1592dedbabd8e8374bd09a1e588ba13deecd49b69d951d03ae2bf2131d5f68df4b89d75e5fb66e170918a9689aef

  • SSDEEP

    1536:iXs9wrnUh4d7ygVpn0uv77P11gqu87NhofgDdBq:iXYw4+dGgLn0sP11gqTofgZE

Score
10/10
discovery

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.alizametal.com.tr
  • Port:
    21
  • Username:
    alizametal.com.tr
  • Password:
    hd611

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.yesimcopy.com
  • Port:
    21
  • Username:
    yesimcopy1
  • Password:
    825cyf

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eebeaee66abe3c5cca60f77526907728_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eebeaee66abe3c5cca60f77526907728_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Program Files (x86)\2781ab10\jusched.exe
      "C:\Program Files (x86)\2781ab10\jusched.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\2781ab10\2781ab10
    Filesize

    17B

    MD5

    6ff89798e0e63d75115c777af43a2cd9

    SHA1

    e8b994ccbbe64951afe91fc3dd377f88fe6c9ba8

    SHA256

    3b3947957c6e0abb19d91b256521bdb3826d88d9b7b53995e177a58cebf0d479

    SHA512

    46557f9bf6f5c5b3316891a9b623a7d11d8d8ff1973ca84cfbcf8d898746f2dbded7fee837c9a70c2e36f9b46a357fe2ba53585bf5307950d2fef6ee1dcb28a3

    Download Submit

  • C:\Program Files (x86)\2781ab10\info_a
    Filesize

    12B

    MD5

    02d54089aebc1aaa6518ea9b639e7283

    SHA1

    4d55864fbe480e43658dc0c4071595d11d3e264c

    SHA256

    c12d358fa7bfe78102f34c75966a06cf42f9d3d73483a444cff792115d7d6e12

    SHA512

    d44c27cd38ecb81440669996c2fafff17e91c8320fea4f0f78a106ca588d277aa562b2fa4c268bd805664fa3bd6a53d9e10b1bfa4f477cc5cac00d4bc586ba12

    Download Submit

  • \Program Files (x86)\2781ab10\jusched.exe
    Filesize

    196KB

    MD5

    eca9c0ef87b73b03cc34c2bc80a59bef

    SHA1

    2c5c7119452c8d8e67b28bba0109873c982aa96f

    SHA256

    59d384967ff3096f7e7c3f1f6a0aaf4e7006113295ab4ad5227fb342df25247b

    SHA512

    912dafae5f071dd5dfb85c55eb540b4259262c853b288927cdb28bf4df84e7351df803dc9f2662f481becd436b6f3c922d69cabb0e71aae741ff10d85dff60a4

    Download Submit