Overview

overview

7

Static

static

5

f6072edfd0...18.exe

windows7-x64

7

f6072edfd0...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-09-2024 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6072edfd0ffbef3deb52375585fce0d_JaffaCakes118.exe

  • Size

    158KB

  • MD5

    f6072edfd0ffbef3deb52375585fce0d

  • SHA1

    f9b5aefd3f123023c22288a892f1c530e244dfac

  • SHA256

    1814b9bde75aa7f8d4c7ad9e60badb42f341f9cf2c75dc05292a784dab6a7ccc

  • SHA512

    2f5975bd29a3c4679d639227253fc97e088b9f9493dd3f61dcd4f8d4c1200441eae90a85cd14f855fa5d0ffbf2b8fbf80ed16db847732860927be7b0d5aabd41

  • SSDEEP

    3072:XA6Ucj4OV5/wqlltLqX9JZvfZLCY3Ioub4LQnG/aKqkcyhva:XA+j4WRlltLqNPvHvutG/aKqohC

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6072edfd0ffbef3deb52375585fce0d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f6072edfd0ffbef3deb52375585fce0d_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5004
    • C:\Windows\Bnugea.exe
      C:\Windows\Bnugea.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:4276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Bnugea.exe
    Filesize

    158KB

    MD5

    f6072edfd0ffbef3deb52375585fce0d

    SHA1

    f9b5aefd3f123023c22288a892f1c530e244dfac

    SHA256

    1814b9bde75aa7f8d4c7ad9e60badb42f341f9cf2c75dc05292a784dab6a7ccc

    SHA512

    2f5975bd29a3c4679d639227253fc97e088b9f9493dd3f61dcd4f8d4c1200441eae90a85cd14f855fa5d0ffbf2b8fbf80ed16db847732860927be7b0d5aabd41

    Download Submit

  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    390B

    MD5

    424ae0d62464d114eae97d53542b4886

    SHA1

    43e45af558afe49047938dced322c878db86644b

    SHA256

    b0c3bf7dbd9a2d054eb7b03174e573ed7928f0de47d01c3b2c68190afbf27809

    SHA512

    d5bdcb4173a6c3f047390d9ca2d0b7a87ed26ca4c2e8e933939d61ed55416f9cff99511e3f34a6b82d067b4a6feb91f1c2a81999796bb71d9836216a119376aa

    Download Submit

  • memory/4276-82008-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4276-82015-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4276-9-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4276-10-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4276-82019-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4276-82018-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4276-82002-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4276-82017-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4276-82016-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4276-82010-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4276-82012-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4276-82013-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4276-82014-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/5004-2-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/5004-0-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/5004-82007-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/5004-82003-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/5004-1-0x00000000021B0000-0x00000000021B1000-memory.dmp

    Filesize

    4KB

    Download