Analysis

  • max time kernel
    92s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/09/2024, 07:12

General

  • Target

    f578a3e6eedeae147f26e3c81198637a_JaffaCakes118.exe

  • Size

    152KB

  • MD5

    f578a3e6eedeae147f26e3c81198637a

  • SHA1

    73f4f01f5a149192d3c1dc2c014d22653c5a9da4

  • SHA256

    bf55a5463f29df35928b58290ec245672409c206b36e9333c724d383548578d3

  • SHA512

    0fda1e21d75a586eff8be6d5c0eeec605598151c89e443b438cd751a25a1600037d45b247f7760cafb5cf7706811c251e0cc5b918d540b814fe034e469f67b94

  • SSDEEP

    1536:3f73Ri7+ueTBdPafVjErsyTlU5sU3xGUG4UhAcI2roRjGWe3Zv5ArH7MnT+qjIty:P7ueG9ErYsU+AcI2rv3bo7MnTqtQdhZX

Malware Config

Signatures

  • Modifies WinLogon 2 TTPs 8 IoCs
  • Drops file in System32 directory 4 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f578a3e6eedeae147f26e3c81198637a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f578a3e6eedeae147f26e3c81198637a_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:4956

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\lcss.exe
    Filesize
    177KB
    MD5
    15e08261cf5c63a40745349a0603a0de
    SHA1
    6a132651ef71e32cbf9ef9f3ae790d1eab3cd1ed
    SHA256
    0d548808f75115fa752bd57d2083c08c8a4af86b2b9362fb55737567ae2ea5dc
    SHA512
    84b0e8bb59653e0bf72d0b3c4549d3bb456b2e83156872e5445323f006b2e88dbb2728f93bd60292f1054fc8352927f8e8dd6f8d6ed6cae75d9a5b6f087cdbc8

  • C:\Windows\SysWOW64\net.cpl
    Filesize
    103KB
    MD5
    b01071afc2be3361741348a41a6e61b6
    SHA1
    a2b300acfe41ac1cb8d360fe88389f1260afff4b
    SHA256
    be91bff68bcfc44d873052fc69d08e2c46860272cd9c2d78721f5b925a5feb4f
    SHA512
    8f0a85f31e0197558d3fbf2bad42645941f94af9e67cc2c4d4b83fc19b4f6500ee312dc2f9811cb3a6b62dfba4d1459bbb0f3939ecf77441de0679b0a09e7843

  • memory/4956-0-0x0000000000400000-0x000000000041E000-memory.dmp
    Filesize
    120KB

  • memory/4956-25-0x0000000000400000-0x000000000041E000-memory.dmp
    Filesize
    120KB