Overview

overview

7

Static

static

3

ef21ae2ec8...18.exe

windows7-x64

7

ef21ae2ec8...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    128s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 05:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ef21ae2ec8e97499a422d30e6f5113d2_JaffaCakes118.exe

  • Size

    279KB

  • MD5

    ef21ae2ec8e97499a422d30e6f5113d2

  • SHA1

    412868c3b23b8ff5a851eb593221f897f6374a4f

  • SHA256

    000e70bd4cd9853b2032b60196d54fb2946c8099bb421493fc8bf675c5dcf234

  • SHA512

    76ed66bebacf217d4be3f742c634c7c1614c68a7ea6b32b1823ab4ef072a40ff1501fff3b0d15662ee9b2a9c92b90ca98387f7d4f0c47e1159edee061dae51ff

  • SSDEEP

    6144:+i2ConwHSg/+BmbZgztmzTTJQM1mYn1MSJk69XpFtkkr:epwyS4mbZrT2MwY6Ak6Np3kkr

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef21ae2ec8e97499a422d30e6f5113d2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ef21ae2ec8e97499a422d30e6f5113d2_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\uninstal.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2580
  • C:\Program Files (x86)\Internet Explorer\iexplore.com
    "C:\Program Files (x86)\Internet Explorer\iexplore.com"
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2244

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Internet Explorer\iexplore.com
            Filesize

            279KB

            MD5

            ef21ae2ec8e97499a422d30e6f5113d2

            SHA1

            412868c3b23b8ff5a851eb593221f897f6374a4f

            SHA256

            000e70bd4cd9853b2032b60196d54fb2946c8099bb421493fc8bf675c5dcf234

            SHA512

            76ed66bebacf217d4be3f742c634c7c1614c68a7ea6b32b1823ab4ef072a40ff1501fff3b0d15662ee9b2a9c92b90ca98387f7d4f0c47e1159edee061dae51ff

            Download Submit

          • C:\Windows\uninstal.bat
            Filesize

            218B

            MD5

            62156209acde6283c6e0e7299eb7ee8f

            SHA1

            c51d8ccae9c40db3f516683efddc6c0e4c03b483

            SHA256

            b8505d9b3f2a93ee592269a0b8d0f98e48378e2302d64272bc0efc0af3352cd6

            SHA512

            5289bb7e688e5ee6c95e1dc21e24cd68669908feeffde9cfd3383774fcf7410dd045807b6c3e138f37134a2dc2176d0664ee902717d37db816f9eb4d57a422d0

            Download Submit

          • memory/2204-0-0x0000000000400000-0x0000000000511200-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/2204-1-0x00000000002E0000-0x00000000002EA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2204-2-0x00000000002E0000-0x00000000002E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2204-15-0x0000000000400000-0x0000000000511200-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/2304-6-0x00000000002E0000-0x00000000002E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2304-17-0x0000000000400000-0x0000000000511200-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/2304-18-0x00000000002E0000-0x00000000002E1000-memory.dmp

            Filesize

            4KB

            Download