Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-09-2024 07:18

General

  • Target

    f57b3ba8ad17d01ac7e0e51a6903c82a_JaffaCakes118.exe

  • Size

    826KB

  • MD5

    f57b3ba8ad17d01ac7e0e51a6903c82a

  • SHA1

    6c9d325c96b6abd55bf95c9308a8b72eca8c992d

  • SHA256

    08994fa356f6a16e8558f7dc35e66367c5162d314465d18a499d98297551647e

  • SHA512

    48e8cf3f46284d80b5fae618e5c76e66fa996dc65f3cdb2103a4168a225d8d943ac8dbffe463d4e56dcbaf06e05d7b83686d2593b9faa23c05f2a663dd13c8ec

  • SSDEEP

    6144:Xo/BHng5HaVG4G/1z+QVMbg1do/BHng5HaVG4G/1z+QVMbg1do/BHng5HaVG4G/5:4ZgaYiZgaYiZgaYzZgaV

Malware Config

Signatures

  • Vobfus

    A widespread worm which spreads via network drives and removable media.

  • Adds policy Run key to start application 2 TTPs 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Script User-Agent 2 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f57b3ba8ad17d01ac7e0e51a6903c82a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f57b3ba8ad17d01ac7e0e51a6903c82a_JaffaCakes118.exe"
    • Adds policy Run key to start application
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    PID:1992

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\AG58FPQON.exe

    Filesize

    826KB

    MD5

    9bbec70d9bf21d4ec2dd1bcf16e3eb82

    SHA1

    b50f1cb28f2298a6a67822723bfd7e80a0fa7579

    SHA256

    7e8ff0f8e659839c7fb23edfa098aa0806e9e412a4616294a0a98498d2b2efbc

    SHA512

    f1cbb61dbb1f966a46f5b136705236688edfafe8d6e02163fb47aefaeeb6c842881e30db19c41ba468728351352550ced0bfd72ccdf6995e7a0e0f73d48ce5f7

  • memory/1992-0-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

  • memory/1992-10-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

  • memory/1992-74-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

  • memory/1992-217-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB