Overview

overview

7

Static

static

3

030177a9ef...18.exe

windows7-x64

7

030177a9ef...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2024, 19:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    030177a9efdf10f903f99d50fe12859d_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    030177a9efdf10f903f99d50fe12859d

  • SHA1

    6daa6df957fb09f4c862a165d1f16e564ffd092a

  • SHA256

    6238a678de439cf645d7cbd3430a4caefc31b891d49730717f0fc6620f301f23

  • SHA512

    22997643a5b529ca3950c6a929ead29ef3d5f8c5a17b86ffcd077e825ead146f8c3bfaee0c21e219b90d7fed443e02a75fa4a9a165797d68e18b75b2235013cd

  • SSDEEP

    24576:sIDAVhGH6D1wWAhT8BgV+IFB/EJoGoO55z3WOqRdTsB1vfBx2LZX0C:sID3CwvS7IF+2OiAf2Rt

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 28 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\030177a9efdf10f903f99d50fe12859d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\030177a9efdf10f903f99d50fe12859d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Users\Admin\AppData\Local\Temp\~ZYEA7E.tmp
      C:\Users\Admin\AppData\Local\Temp\~ZYEA7E.tmp
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:2700
  • C:\Windows\system.exe
    C:\Windows\system.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2128

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\~ZYEA7E.tmp
            Filesize

            747KB

            MD5

            177301cf490c1a0f4e47df7bf78396ed

            SHA1

            417797d7cff2e3cf59350cb0ef29e177583e2af5

            SHA256

            bc05560f09ae317dc45a042247fb933d27eb10323d8d1a5d30638d5d78fe010e

            SHA512

            41e851e9fe100cbc83e8f509716fd1aba0835613ffb2e4b9dbb3b6f372ec46c719ab1f0154bca9341ed6df040a375476d61cdee2129783e51293a160a11083ae

            Download Submit

          • memory/2272-1-0x0000000000400000-0x00000000005A1000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2272-9-0x00000000002E0000-0x00000000002E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2272-18-0x0000000000400000-0x00000000005A1000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2272-19-0x00000000002E0000-0x00000000002E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2700-10-0x0000000000270000-0x0000000000271000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2700-17-0x0000000000400000-0x00000000004C2000-memory.dmp

            Filesize

            776KB

            Download

          • memory/2708-15-0x0000000000260000-0x0000000000261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2708-22-0x0000000000260000-0x0000000000261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2708-21-0x0000000000400000-0x00000000004C2000-memory.dmp

            Filesize

            776KB

            Download

          • memory/2708-30-0x0000000000400000-0x00000000004C2000-memory.dmp

            Filesize

            776KB

            Download