Overview

overview

7

Static

static

7

efbf1a7c08...18.exe

windows7-x64

7

efbf1a7c08...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 11:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    efbf1a7c08e26eb64a1ab815eb3dca67_JaffaCakes118.exe

  • Size

    265KB

  • MD5

    efbf1a7c08e26eb64a1ab815eb3dca67

  • SHA1

    7352e516141e2cabbe3782e37cbfe3ed821db412

  • SHA256

    9d5d50ae4c45259e3e3950b990bf5b9f0dd0876d17fccfb3c4d8ac1c5b4265dd

  • SHA512

    a90d249d1580ff5bfe1d6200bfe70e8f7e23aa8664356ee958b8123ca460d14705d50b9303b7db78559c8b4c6948cc2de49c432b4fb09b79b135c44416773aa3

  • SSDEEP

    6144:836Z1F6ZWrjo/l1N3qb1xosJnSXHYqvu5xxQmhfWRzCUpf9Mk4W:82wZCI8b/otC5XQOuROUr

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 21 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 16 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 39 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\efbf1a7c08e26eb64a1ab815eb3dca67_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\efbf1a7c08e26eb64a1ab815eb3dca67_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1864
    • \??\c:\mp3\svchost.exe
      c:\mp3\svchost.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2488
  • \??\c:\mp3\svchost.exe
    c:\mp3\svchost.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s /u wshom.ocx
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1416
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s /u scrrun.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:3068
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s /u msxml.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3044
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s /u shell32.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2672
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s /u "C:\Program Files (x86)\Common Files\System\ado\msado15.dll"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \MP3\svchost.exe
    Filesize

    265KB

    MD5

    efbf1a7c08e26eb64a1ab815eb3dca67

    SHA1

    7352e516141e2cabbe3782e37cbfe3ed821db412

    SHA256

    9d5d50ae4c45259e3e3950b990bf5b9f0dd0876d17fccfb3c4d8ac1c5b4265dd

    SHA512

    a90d249d1580ff5bfe1d6200bfe70e8f7e23aa8664356ee958b8123ca460d14705d50b9303b7db78559c8b4c6948cc2de49c432b4fb09b79b135c44416773aa3

    Download Submit

  • memory/1864-20-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/1864-0-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/1864-9-0x0000000002D60000-0x0000000002E1E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/1864-1-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2488-11-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2488-13-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2488-19-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-30-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-34-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-22-0x0000000002D20000-0x0000000002D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2952-28-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-29-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2952-31-0x0000000002D20000-0x0000000002D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2952-15-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-32-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-33-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-16-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2952-35-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-36-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-37-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-38-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-39-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-40-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-41-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-42-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-43-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2952-44-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download