Analysis

  • max time kernel: 148s
  • max time network: 150s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 01-10-2024 09:04

General

  • Target: 052ca5f7b4c0290089a34faa8cabbebe_JaffaCakes118.exe
  • Size: 195KB
  • MD5: 052ca5f7b4c0290089a34faa8cabbebe
  • SHA1: 669ff4abed46f24e35c0149eb293f03c444e174b
  • SHA256: fe0cc2324a4aeb784b297c4d2db23f69e7b311231f6671d25f0ca9b49f758512
  • SHA512: 90d2fcb2ad7b902badab0080740b1faf3f3dbff57ad70fc0ae7c5ece53ed4136a1ebf5e774f7f5485f8c15e344225297292f133b88f217ac498e5c6f21df01fb
  • SSDEEP: 3072:0z+dXw6kjcHp4uTc9+Mz+T+Xo3CpjP00H+5tBwBWIuzTS5lKP7zmf3o1Wgm2m:0z+y6k2/TAadypjP0T5teBM8lKP+vwP

Malware Config

Signatures

  • Drops file in Drivers directory (1 IoC)
  • Event Triggered Execution: Image File Execution Options Injection (1 TTP, 64 IoCs)
  • Executes dropped EXE (6 IoCs)
  • Impair Defenses: Safe Mode Boot (1 TTP, 3 IoCs)
  • Loads dropped DLL (33 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • System Location Discovery: System Language Discovery (1 TTP, 7 IoCs)
    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious behavior: LoadsDriver (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (46 IoCs)
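The IFEO injection and Safe Mode Boot signatures above are registry writes, so the first artefact to pull from an affected host or a forensic image is the relevant hive keys. The script below is an added example, not part of this report and not the sandbox's own signature logic: it parses a `reg export`-style dump and flags the two patterns those signatures describe (an IFEO `Debugger` value, which makes Windows start the named path in place of the target program, and SafeBoot Minimal/Network entries that were removed or that register a service whose binary lives under a user-writable path). The report does not list the exact keys this sample wrote, so SAMPLE_REG is constructed and its key names (avscan.exe, tmpdrv, exampleproto) are illustrative; USER_WRITABLE is a deliberately small, assumed list of directory markers.

```python
"""Offline triage of a Windows registry export (.reg) for the registry-side
behaviours flagged above: IFEO "Debugger" hijacks and SafeBoot entries that
keep a service alive in Safe Mode. SAMPLE_REG is constructed for this example."""
import re

IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")   # assumed markers
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')   # "name"=... or @=...

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)      # .reg escapes \ and " with a backslash

def _decode(raw):
    if raw == "-":
        return None                        # "name"=- deletes the value
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw                             # hex(...) blobs are kept verbatim

def parse_reg(text):
    """Parse the .reg subset written by `reg export` into {key: {name: value}}.
    A [-key] header (hand-written or diff files only) maps the key to None."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):
                keys[path[1:]], current = None, None
            else:
                current = keys.get(path)
                if current is None:
                    current = keys[path] = {}
            continue
        m = _VALUE_RE.match(line)          # multi-line hex continuations are skipped
        if m and current is not None:
            name = _unescape(m.group(1)) if m.group(1) is not None else ""
            current[name] = _decode(m.group(2))
    return keys

def _children(keys, parent):
    """Yield (relative_path, full_key, values) for every key under parent."""
    prefix = parent.lower() + "\\"
    for key, values in keys.items():
        if key.lower().startswith(prefix):
            yield key[len(prefix):], key, values

def _image_path(keys, service):
    want = f"{SERVICES}\\{service}".lower()
    values = next((v for k, v in keys.items() if k.lower() == want), None) or {}
    return str(values.get("ImagePath", ""))

def _user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)

def find_ifeo_debuggers(keys):
    """Every IFEO\\<exe> key carrying a Debugger value; allowlist legitimate hooks afterwards."""
    return [("ifeo_debugger", key, f"{rel} -> {values['Debugger']}")
            for rel, key, values in _children(keys, IFEO) if values and values.get("Debugger")]

def find_safeboot_tampering(keys):
    """SafeBoot Minimal/Network entries deleted, or pointing at a user-writable service binary."""
    out = []
    for rel, key, values in _children(keys, SAFEBOOT):
        parts = rel.split("\\")
        if len(parts) != 2 or parts[0].lower() not in ("minimal", "network"):
            continue
        if values is None:
            out.append(("safeboot_entry_deleted", key, parts[1]))
        elif values.get("") == "Service":          # "Driver" and class-GUID entries are skipped
            image = _image_path(keys, parts[1])
            if _user_writable(image):
                out.append(("safeboot_persistence", key, f"{parts[1]} -> {image}"))
    return out

def triage(reg_text):
    keys = parse_reg(reg_text)
    return find_ifeo_debuggers(keys) + find_safeboot_tampering(keys)

SAMPLE_REG = r"""Windows Registry Editor Version 5.00
; constructed example input, not data from the report
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe]
"Debugger"="C:\\Users\\Admin\\AppData\\Local\\Temp\\dbg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tmpdrv]
@="Service"
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\exampleproto]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmpdrv]
"Type"=dword:00000001
"ImagePath"="\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpdrv.sys"
"""

if __name__ == "__main__":
    for kind, key, detail in triage(SAMPLE_REG):
        print(f"{kind:24} {detail}   [{key}]")
```

To run it against a live host, export the three parents with `reg export` (each into its own file) and concatenate them; `reg export` writes UTF-16 LE, so read the files with `encoding="utf-16"` before passing the text to `triage`. The notepad.exe key in the sample shows why the check keys on `Debugger` specifically: IFEO subkeys with only `GlobalFlag` or similar values are routine and must not fire.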

Processes

  • C:\Users\Admin\AppData\Local\Temp\052ca5f7b4c0290089a34faa8cabbebe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\052ca5f7b4c0290089a34faa8cabbebe_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\AppData\Local\Temp\QvodSetuPlus3.exe
      "C:\Users\Admin\AppData\Local\Temp\QvodSetuPlus3.exe"
      2⤵
      • Drops file in Drivers directory
      • Event Triggered Execution: Image File Execution Options Injection
      • Executes dropped EXE
      • Impair Defenses: Safe Mode Boot
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2860
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe
        3⤵
          PID:2732
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          C:\Users\Admin\AppData\Local\Temp\\svchost.exe 10.127.0.1
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2436
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          C:\Users\Admin\AppData\Local\Temp\\svchost.exe 10.127.0.2
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:572
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          C:\Users\Admin\AppData\Local\Temp\\svchost.exe 10.127.0.3
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2528
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          C:\Users\Admin\AppData\Local\Temp\\svchost.exe 10.127.0.4
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:876
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          C:\Users\Admin\AppData\Local\Temp\\svchost.exe 10.127.0.5
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:316
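The tree above carries two patterns worth turning into detections: a dropped file named svchost.exe running from the user's Temp directory with a parent other than services.exe, and that same binary launched five times with consecutive 10.127.0.x arguments. The script below is an added example, not the sandbox's code, that applies those heuristics to Sysmon-style process-start records, together with a digit-for-letter lookalike check on image names. SAMPLE_EVENTS is constructed: it copies the PIDs, paths and command lines from the tree above, adds a benign wininit/services/svchost chain as a control, and invents the parent PIDs the report does not show (300, 1200). The report does not say what the IP arguments are for; the fan-out rule flags the launch pattern only. EXPECTED_PARENT is an assumed baseline for the few names listed and must be tuned per OS build.

```python
"""Process-start heuristics for a tree shaped like the one above: Windows binary
names (or lookalikes) running outside the Windows directory, parent/child pairs
off the OS baseline, a Temp-resident dropper starting a Windows shell binary, and
one image launched repeatedly with consecutive IPv4 arguments. Events are constructed."""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcStart:
    pid: int
    ppid: int
    image: str      # full path of the executable
    cmdline: str

# Names that only legitimately run from the Windows directory tree.
SYSTEM_IMAGES = {"svchost.exe", "explorer.exe", "lsass.exe", "services.exe",
                 "csrss.exe", "winlogon.exe", "wininit.exe", "urlmon.dll"}
# Assumed parent baseline in Sysmon/EDR style; tune for the OS build you monitor.
EXPECTED_PARENT = {"svchost.exe": {"services.exe"},
                   "services.exe": {"wininit.exe"},
                   "lsass.exe": {"wininit.exe"}}
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "5": "s", "3": "e"})
_IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def system_lookalike(name):
    """System name that `name` equals or impersonates by digit substitution, else None."""
    folded = name.lower().translate(CONFUSABLE)
    return folded if folded in SYSTEM_IMAGES else None

def in_windows_dir(path):
    return path.lower().startswith(("c:\\windows\\", "\\systemroot\\"))

def user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)

def ipv4_args(cmdline):
    out = []
    for tok in _IPV4.findall(cmdline):
        try:
            out.append(ipaddress.IPv4Address(tok))
        except ValueError:          # 999.1.1.1 matches the regex but is not an address
            pass
    return out

def analyze(events):
    """Return (kind, pid, detail) tuples in event order, fan-out findings last."""
    by_pid = {e.pid: e for e in events}
    findings, fanout = [], defaultdict(list)      # image -> [(pid, ip)]
    for e in events:
        name, looks_like = basename(e.image), system_lookalike(basename(e.image))
        parent = by_pid.get(e.ppid)
        pname = basename(parent.image) if parent else "<unknown>"
        if looks_like and not in_windows_dir(e.image):
            findings.append(("masquerade_path", e.pid,
                             f"{name} (looks like {looks_like}) running from {e.image}"))
        if name in EXPECTED_PARENT and pname not in EXPECTED_PARENT[name]:
            findings.append(("unexpected_parent", e.pid, f"{name} spawned by {pname} (pid {e.ppid})"))
        if parent and user_writable(parent.image) and name in SYSTEM_IMAGES and in_windows_dir(e.image):
            findings.append(("system_binary_from_dropper", e.pid, f"{pname} (pid {e.ppid}) launched {name}"))
        for ip in ipv4_args(e.cmdline):
            fanout[e.image].append((e.pid, ip))
    for image, hits in fanout.items():
        ips = sorted({ip for _, ip in hits})
        if len(ips) >= 3 and all(int(b) - int(a) == 1 for a, b in zip(ips, ips[1:])):
            findings.append(("sequential_ip_fanout", hits[0][0],
                             f"{basename(image)} launched {len(hits)}x against {ips[0]}-{ips[-1]}"))
    return findings

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_EVENTS = [   # constructed: benign control chain first, then the report's tree
    ProcStart(400, 300, r"C:\Windows\System32\wininit.exe", "wininit.exe"),
    ProcStart(500, 400, r"C:\Windows\System32\services.exe", r"C:\Windows\System32\services.exe"),
    ProcStart(700, 500, r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\svchost.exe -k netsvcs"),
    ProcStart(2148, 1200, rf"{TEMP}\052ca5f7b4c0290089a34faa8cabbebe_JaffaCakes118.exe", "sample.exe"),
    ProcStart(2860, 2148, rf"{TEMP}\QvodSetuPlus3.exe", rf'"{TEMP}\QvodSetuPlus3.exe"'),
    ProcStart(2732, 2860, r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),
] + [
    ProcStart(pid, 2860, rf"{TEMP}\svchost.exe", rf"{TEMP}\\svchost.exe 10.127.0.{i}")
    for i, pid in enumerate((2436, 572, 2528, 876, 316), start=1)
]

if __name__ == "__main__":
    for kind, pid, detail in analyze(SAMPLE_EVENTS):
        print(f"{kind:28} pid={pid:<5} {detail}")
```

The lookalike check is the same idea as the path check and is worth running over dropped file names too: urlm0n.dll in the Downloads list below differs from the system urlmon.dll only by a digit zero, and `system_lookalike("urlm0n.dll")` returns `"urlmon.dll"`. The explorer.exe finding is deliberately low-severity on its own; it only says that a Temp-resident process started a Windows shell binary, which is the context in which the WriteProcessMemory count above becomes interesting, not evidence of injection by itself.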

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\QvodSetuPlus3.exe
    Filesize: 16KB
    MD5: e9b1168dfa8380f3a4386121dc521f14
    SHA1: e34b21ddce0f58d7b102d3ec20dbc2ad56d7fc50
    SHA256: 8754a5c1bca666c3c0d9405d26680115c67df90e55f68ddd4ab91807c1464243
    SHA512: deaa8691493f59ad679931bdb1f2bc2aa4cbeba3dae404f45e37e8fefd69bb97fad0b8763fb767ab24890a30ecb7f6e5b80b8cd5e46e7eed32f0e9e307dc536d
  • \Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize: 5KB
    MD5: e7572d408f825a614409a5b84b9a256a
    SHA1: 8feb82d74753a1443baf2ab5680027de3635c4ab
    SHA256: 4040246d0f051cd885f43ede9220cbde8b0134e23d529973fcb41399010b4023
    SHA512: 5b817205daeb2392f2170cc1857daf0067fa3a7b51bf2ef83e30c5f4cfe1b2d5db1fd93ecac003466d376a4f39578bd56c40fa8a7c06cb1d57360c35c76c3ef5
  • \Users\Admin\AppData\Local\Temp\urlm0n.dll
    Filesize: 1.1MB
    MD5: 2ee1e467d73642afddb03019f58c252b
    SHA1: ea1f3b03f46db029a955190692cecbc571e1d46c
    SHA256: 5a7d5dafe22082b3ed035d640578ed7b5005edfe80e5c911774ec77a2caff1b3
    SHA512: 3482715d7c9adbfe61f7834120d1a8fce47ae5d70add285ddcfe8802a5d4a95ae00ae82079b9b9639c5d4fa5126ecfc61e1b09a141c0fea86926e26fc22f9082
  • memory/2148-0-0x0000000000400000-0x0000000000433000-memory.dmp
    Filesize: 204KB
  • memory/2148-25-0x0000000000400000-0x0000000000433000-memory.dmp
    Filesize: 204KB
  • memory/2860-21-0x0000000000401000-0x0000000000402000-memory.dmp
    Filesize: 4KB
  • memory/2860-49-0x0000000000401000-0x0000000000402000-memory.dmp
    Filesize: 4KB