Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/10/2024, 10:29

General

  • Target

    0a36fe1831e0aeb8d44615bdcaf30748_JaffaCakes118.exe

  • Size

    172KB

  • MD5

    0a36fe1831e0aeb8d44615bdcaf30748

  • SHA1

    2a26fbf980e15188b10969c6dcd2ebe87e90fcc7

  • SHA256

    63e1cf057e95c84dd71f37fb099f8552ce65424f9945be37a22ef7994fa77c2d

  • SHA512

    7a0555d8660763b319be38ec26169074cd4bc2e667f7c536b56b741754522729ed30a87ad1dc0adab34c6b76ce53bda799bc0f30d97f52e60a2f98bd99096aba

  • SSDEEP

    3072:9b3QXXeRgw3tiKnvmb7/D26nYNpnHzqTT8RUFwjkKvLg3dvCgIHzmWZAlGbBmiBN:BAXXeR1UKnvmb7/D26nSnTqTT8RUFwjL

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a36fe1831e0aeb8d44615bdcaf30748_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0a36fe1831e0aeb8d44615bdcaf30748_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1792
    • C:\Users\Admin\cuepud.exe
      "C:\Users\Admin\cuepud.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1784

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\cuepud.exe

    Filesize

    172KB

    MD5

    851c67e11a1e8aaa6bbcbfc5d4d52386

    SHA1

    f68b530457af11bfe488ef12cc3ed2b8e2098007

    SHA256

    ec43a05fb46d3f974cd94d8291d381d2d46fc6d6c8ef9a2cc5f2d5b565ecb412

    SHA512

    529278c5376dd6b2f52e302054d5f49b1c9a1ceb8418f7cb5e16e69f0a4624b8613d13a60b39c64bc44fc26aa121d998109b353dea667030b989dd99c14c581c

  • memory/1784-16-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

  • memory/1784-23-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

  • memory/1792-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

  • memory/1792-15-0x00000000027B0000-0x00000000027DB000-memory.dmp

    Filesize

    172KB

  • memory/1792-14-0x00000000027B0000-0x00000000027DB000-memory.dmp

    Filesize

    172KB

  • memory/1792-20-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

  • memory/1792-21-0x00000000027B0000-0x00000000027DB000-memory.dmp

    Filesize

    172KB

  • memory/1792-22-0x00000000027B0000-0x00000000027DB000-memory.dmp

    Filesize

    172KB