Overview

overview

5

Static

static

5

f9f7b6561a...18.exe

windows7-x64

5

f9f7b6561a...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/09/2024, 07:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9f7b6561ab87a5d97f833166853e708_JaffaCakes118.exe

  • Size

    772KB

  • MD5

    f9f7b6561ab87a5d97f833166853e708

  • SHA1

    532c1adc44b53f5cf8419bb2e7ff5db0989d1df9

  • SHA256

    c9dea368ced315a59d7f710ee9ab08446ba1d03961860579de451c0fbb2d3ca4

  • SHA512

    67b31d5f1359325f9f2289dd73b8105b7eca8897c517d879819e37d7418a04047360ffa1feca252400af6119d35eb204812071666a364d1679670a61ff734e47

  • SSDEEP

    12288:VjkArEN249AyE/rbaMct4bO2/VwmehMi5mLP2LZdjJQKhNfdvDm73hBDmcSCD5sY:qFE//Tct4bOs63mLgdtVhNBI3tSCaZW

Score
5/10
discoveryupx

Malware Config

Signatures

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9f7b6561ab87a5d97f833166853e708_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f9f7b6561ab87a5d97f833166853e708_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\autBB22.tmp
    Filesize

    28KB

    MD5

    3c6490212f87f009b0513c2980ee23f3

    SHA1

    58fa2c0cc3ebd4e74e15952866ae6113a0b9ff5d

    SHA256

    f1f67ecea30332c042b51b9ed45d6aa17c3e4329811ce8c203a57cad4dc2b692

    SHA512

    317eddc25d5f13aa70b60691c8a2ddb61758ebb1b5ce97ca3bba7c4b48924e71dcb1f171f41e6659ebbaab91f7da81d62fdf7c2574bed58c7e007429b865ccc4

    Download Submit

  • memory/3088-0-0x0000000000400000-0x0000000000504000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3088-9-0x0000000000400000-0x0000000000504000-memory.dmp

    Filesize

    1.0MB

    Download