Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-10-2024 09:06

General

  • Target

    052f3ee2a02e97074e6d8ca7ce2ed16d_JaffaCakes118.exe

  • Size

    228KB

  • MD5

    052f3ee2a02e97074e6d8ca7ce2ed16d

  • SHA1

    725e15e9c54a821bfb7d55b2801f476fb226d8af

  • SHA256

    ab22e2c76980e40154bfcfe98f1694ff1322c9e0a20d95b53841b2a005fcc2a5

  • SHA512

    33898e1395562e2889ca112831a7d0946919bbdf94629e22e58cec70c9429b2b97dbbfc32f721aadb58aa09c4f0b73c4d241d78c8d0828e7cc77f31f76d412b2

  • SSDEEP

    6144:EKU23dwqsNy5ibpNjl4EqxF6snji81RUinKIC:BUUdQxl

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\052f3ee2a02e97074e6d8ca7ce2ed16d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\052f3ee2a02e97074e6d8ca7ce2ed16d_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Users\Admin\jouna.exe
      "C:\Users\Admin\jouna.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2184
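
The process tree and signatures above (dropped copy at C:\Users\Admin\jouna.exe, Run-key persistence, Explorer hidden-file tampering) translate directly into a host triage check. The script below is an added example, not part of the sandbox report: it looks for the dropped file in every profile root and compares its SHA256 with the report's value, lists Run entries that reference jouna.exe, reports the Explorer Advanced values that control hidden/system file visibility, and checks for a live jouna.exe process. Assumptions: the file name and user-profile location seen in the sandbox are reused on the victim, and since the report does not name the Run value, entries are matched by the command they point at rather than by value name. The Explorer values are reported for comparison against a known-good baseline, because their defaults (Hidden=2, ShowSuperHidden=0) are the same values a dropper would set to keep its files out of sight.

```powershell
# Added triage example (not the sandbox's own tooling). Run as the affected user, or
# elevated, on the suspected host. Values are from the report above.
$ReportHashes = @{
    Sample   = 'ab22e2c76980e40154bfcfe98f1694ff1322c9e0a20d95b53841b2a005fcc2a5'  # submitted exe
    JounaExe = 'dd914334b7fd01ce7ac70c563a467dd62f4998a6d7f25c5eab23f0d9303d6b6c'  # dropped jouna.exe
}
$DroppedName = 'jouna.exe'   # assumption: same name as in the sandbox run

function Find-DroppedCopy {
    # The sandbox saw the copy at C:\Users\Admin\jouna.exe; check every profile root.
    foreach ($profile in Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
        $path = Join-Path $profile.FullName $DroppedName
        if (Test-Path -LiteralPath $path) {
            $sha = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
            [pscustomobject]@{
                Path        = $path
                SHA256      = $sha
                MatchesReport = ($sha -eq $ReportHashes.JounaExe)   # a different hash is still worth a look
            }
        }
    }
}

function Find-RunEntries {
    # "Adds Run key to start application": scan the standard per-user and machine Run keys.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }            # skip PSPath/PSParentPath metadata
            if ("$($p.Value)" -match [regex]::Escape($DroppedName)) {
                [pscustomobject]@{ Key = $key; ValueName = $p.Name; Command = $p.Value }
            }
        }
    }
}

function Get-ExplorerVisibilitySettings {
    # "Modifies visibility of hidden/system files in Explorer" lands in these two values.
    # Hidden: 1 = show hidden files, 2 = do not show. ShowSuperHidden: 1 = show protected OS files.
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $v = Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Key             = $adv
        Hidden          = $v.Hidden
        ShowSuperHidden = $v.ShowSuperHidden
    }
}

function Get-LiveDroppedProcess {
    # The dropped copy ran as a child of the sample (PID 2184 in the sandbox); check if it is live here.
    Get-Process -Name ([IO.Path]::GetFileNameWithoutExtension($DroppedName)) -ErrorAction SilentlyContinue |
        Select-Object Id, ProcessName, Path, StartTime
}

'== Dropped file =='       ; Find-DroppedCopy | Format-Table -AutoSize
'== Run-key persistence ==' ; Find-RunEntries | Format-Table -AutoSize
'== Explorer hidden/system file settings (compare with baseline) ==' ; Get-ExplorerVisibilitySettings | Format-List
'== Live process =='       ; Get-LiveDroppedProcess | Format-Table -AutoSize
```

If the Run entry is present, collect the referenced binary before removing the value, since the persisted path may differ from the profile-root copy; then kill the live process, delete the file and the Run value, and restore the Explorer values to the organisation's baseline so the user can see what was dropped.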

Network

Downloads

  • C:\Users\Admin\jouna.exe

    Filesize

    228KB

    MD5

    0f4d656c1e0199a882273ad50d897d52

    SHA1

    5583b2b7a97b1eff8d02e7e05a97bd433d6eac55

    SHA256

    dd914334b7fd01ce7ac70c563a467dd62f4998a6d7f25c5eab23f0d9303d6b6c

    SHA512

    6de0ada28c4d378ec879e37b0a75706a81e0619b6b9200a609e034dbce3fd61832c7fe258afad0ec1deb9af3a25548331397a002626afbea188a0de8c6b19ac0