Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    01/10/2024, 15:41

General

  • Target

    066132f9e3aa3ff3aa4faab5c873b5e5_JaffaCakes118.exe

  • Size

    192KB

  • MD5

    066132f9e3aa3ff3aa4faab5c873b5e5

  • SHA1

    1365352cac59601a423f98c81695c8174e0cf8fb

  • SHA256

    b3b337dc8c9507be0c54be68c030f4bffa00a64b7072a6f425283ebde6dafe8c

  • SHA512

    cfa9a7bb6c840a7dd87836869f00d9cfb4714fc9e9652d9f225bdd90e115e28b14d9f52a849256b6cabca2544db78be9402883e30ee063acb2d31861058a6aa7

  • SSDEEP

    1536:+Mc02OaSwaaaaat031AdQWB5kCFrWszRUOHFlQhzyLwVKftfVBiZHAPloFp5A2mm:MOnGW3kCFrWsF2eLbqx2s94sU4

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
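
The two behaviours in this list that are most useful for host-side detection are the Run-key persistence and the Explorer hidden/system-file visibility change. The following is an added example (not part of the sandbox report or the sample) of detection logic for those two signatures, run over constructed Sysmon-style registry events (Event ID 13, value set). The event lines, the SID and the benign events are constructed for illustration; the dropper and dropped-file paths are taken from the Processes section above.

```python
"""Flag Run-key persistence into a user profile path and Explorer settings
that conceal hidden/system files, from Sysmon EventID 13 (registry value set)
records.  Added example: event records below are constructed, not captured."""
import re
from dataclasses import dataclass

# Sysmon Event ID 13 = RegistryEvent (value set). Field names follow Sysmon.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
EXPLORER_ADV_RE = re.compile(
    r"\\Explorer\\Advanced\\(Hidden|ShowSuperHidden)$", re.IGNORECASE)
USER_PATH_RE = re.compile(r'^"?[A-Z]:\\Users\\[^\\]+\\', re.IGNORECASE)
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    image: str
    target: str
    details: str


def parse_dword(details: str):
    """Sysmon renders DWORD values as 'DWORD (0x00000002)'; return int or None."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def check_event(ev: dict):
    """Apply both rules to one registry-set event; return a Finding or None."""
    if ev.get("EventID") != 13:
        return None
    target, details = ev["TargetObject"], ev["Details"]
    if RUN_KEY_RE.search(target) and USER_PATH_RE.match(details):
        # Run-key entry whose command lives in a user-writable profile path:
        # typical dropper persistence (here the dropped C:\Users\Admin\cvgean.exe).
        return Finding("run_key_user_path", ev["ProcessId"], ev["Image"], target, details)
    m = EXPLORER_ADV_RE.search(target)
    if m:
        name, val = m.group(1).lower(), parse_dword(details)
        # Hidden=2 hides hidden files; ShowSuperHidden=0 hides protected OS files.
        # Only the concealing direction is flagged; a user enabling
        # "show hidden files" (Hidden=1) is not.
        if (name == "hidden" and val == 2) or (name == "showsuperhidden" and val == 0):
            return Finding("explorer_hide_files", ev["ProcessId"], ev["Image"], target, details)
    return None


def analyze(events):
    return [f for f in map(check_event, events) if f is not None]


def by_process(findings):
    """Group rule names per PID; a PID that trips both rules is the stronger signal."""
    out = {}
    for f in findings:
        out.setdefault(f.pid, set()).add(f.rule)
    return out


# Constructed sample events (SID, PIDs of benign processes and the value name
# are assumptions; dropper/dropped paths come from the report).
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\066132f9e3aa3ff3aa4faab5c873b5e5_JaffaCakes118.exe"
HKU = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
ADV = HKU + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
SAMPLE_EVENTS = [
    {"EventID": 13, "ProcessId": 2104, "Image": DROPPER,
     "TargetObject": HKU + r"\Software\Microsoft\Windows\CurrentVersion\Run\cvgean",
     "Details": r"C:\Users\Admin\cvgean.exe"},
    {"EventID": 13, "ProcessId": 2104, "Image": DROPPER,
     "TargetObject": ADV + r"\Hidden", "Details": "DWORD (0x00000002)"},
    {"EventID": 13, "ProcessId": 2104, "Image": DROPPER,
     "TargetObject": ADV + r"\ShowSuperHidden", "Details": "DWORD (0x00000000)"},
    # Benign: the user turned "show hidden files" on via Explorer itself.
    {"EventID": 13, "ProcessId": 1400, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": ADV + r"\Hidden", "Details": "DWORD (0x00000001)"},
    # Benign: an installer registering an autostart under Program Files.
    {"EventID": 13, "ProcessId": 3000, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Program Files\Vendor\updater.exe /background"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f.rule:22} pid={f.pid} {f.target} -> {f.details}")
```

Only the concealing direction of the Explorer settings is treated as a hit, and Run-key writes are flagged only when the command points into a user profile path; both choices trade a little recall for far fewer alerts on ordinary installers and user actions.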

Processes

  • C:\Users\Admin\AppData\Local\Temp\066132f9e3aa3ff3aa4faab5c873b5e5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\066132f9e3aa3ff3aa4faab5c873b5e5_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Users\Admin\cvgean.exe
      "C:\Users\Admin\cvgean.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2880

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\cvgean.exe

    Filesize

    192KB

    MD5

    c79706b6008a6a9fd3dcb87d1f791923

    SHA1

    2dfd2f04bd1b70675603a226afed0169cb84453d

    SHA256

    d0df354613c279bd527958627c2731a369bee914bd201c957c9992047d2dbb24

    SHA512

    69105a5609b82b8f9b9409c7cc3855afb15f6556f4c3a0ae1fee172605d84eb0f0ea744d22b18c4ec5db5042dc1909533921d81902602c4dfdd60f4226bca877