Analysis

  • max time kernel
    106s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-09-2024 01:59

General

  • Target

    fd944c4255de42d17942fec624bc4674_JaffaCakes118.exe

  • Size

    56KB

  • MD5

    fd944c4255de42d17942fec624bc4674

  • SHA1

    e333ccf39c83dfa4d30b1639358532a6e5ee3ea4

  • SHA256

    68d70d749a7f781fa0ea6e41f71eb34e21111bdf674182b74d79bbb17b4c785a

  • SHA512

    bed1d36962ddc58e5eb916296b419ba54ef01a7f709a8d6e0ee988b0f4c1cb08fd3253c82d00ebac6fab9d9682c8bb524c40936890ee4fa01d48ea0d6e08d0ea

  • SSDEEP

    768:498dt9IfgSyiBoFRJ5L5BPhHvhhiVoi3Nm2M9f+BSUImDpJ92WyF6EJGpNoyGE:40cyqwJ5PlhHF26UvpL2Wx0GNoy

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd944c4255de42d17942fec624bc4674_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fd944c4255de42d17942fec624bc4674_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3880
    • C:\ProgramData\lmxoleni\rijujcdu.exe
      C:\ProgramData\lmxoleni\rijujcdu.exe
      2⤵
      • Adds policy Run key to start application
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1684
    • C:\Windows\SysWOW64\cmd.exe
      /c del /f C:\Users\Admin\AppData\Local\Temp\FD944C~1.EXE.bak >> NUL
      2⤵
      • System Location Discovery: System Language Discovery
      PID:436

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\lmxoleni\rijujcdu.exe

    Filesize

    56KB

    MD5

    fd944c4255de42d17942fec624bc4674

    SHA1

    e333ccf39c83dfa4d30b1639358532a6e5ee3ea4

    SHA256

    68d70d749a7f781fa0ea6e41f71eb34e21111bdf674182b74d79bbb17b4c785a

    SHA512

    bed1d36962ddc58e5eb916296b419ba54ef01a7f709a8d6e0ee988b0f4c1cb08fd3253c82d00ebac6fab9d9682c8bb524c40936890ee4fa01d48ea0d6e08d0ea

  • memory/3880-4-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB