Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2024, 16:38

General

  • Target

    0fa7f59e13a3f9e349afeb0837666776_JaffaCakes118.exe

  • Size

    268KB

  • MD5

    0fa7f59e13a3f9e349afeb0837666776

  • SHA1

    8589baebf5e525e7ad3bf36f6ec79adcea0b8dd7

  • SHA256

    c3587b09ffe29b0f3855772fefb43a4bd45b86c8c62351f03ef0863e28c2645d

  • SHA512

    d2b3d889f691388563c8fcecfbf8a01555a8131a0d639f09358b74fb934719e177552bc64fbac8d2dc5ab1223df910b5a72752e7a729c67f184c6f95c7a51c0c

  • SSDEEP

    3072:RE4rAUww0sPUTVY7fhINP7JsfLBsyVEJ8Ixjtmkp44upWuTNgX8Tjee/L1pxW6g3:GMlsgfuNPK5VEVtmk4DAuTxeOxa

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0fa7f59e13a3f9e349afeb0837666776_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0fa7f59e13a3f9e349afeb0837666776_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Users\Admin\foibi.exe
      "C:\Users\Admin\foibi.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1340

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\foibi.exe

    Filesize

    268KB

    MD5

    f1bf78e9ff586a8063b4b90b839e57e2

    SHA1

    7e6ba37ecf59bdf6f2b20b5d33e1636c1d52f3ed

    SHA256

    d20467066035892d4aababcd6a05c1bc92d4ee6383eb0aa1f8fb50f5ef09ed3f

    SHA512

    33c604eb6b493ba7b06f71613d46e86295c86ea566ec3e36601eec2e4e1d33bb977083b2b992339090e2e70539dbbf944ca99e782de63b37712d7d5fcb5943f4
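The Signatures list and the Downloads entry together give enough to build a host-side triage check. The following is an added example, not part of the sandbox report and not the sandbox's own detection code. It encodes the two SHA256 hashes from the report, the dropped path C:\Users\Admin\foibi.exe, and the flagged behaviours (Run-key persistence, Explorer hidden/system-file visibility tampering, execution of the dropped EXE) as matching rules, then evaluates them over Sysmon-style events. Event IDs 1, 11 and 13 are Sysmon's real process-create, file-create and registry-value-set IDs; the `SAMPLE_EVENTS` records, the SID in the HKU path and the `msiexec.exe` control event are constructed for illustration, not telemetry captured from the run.

```python
"""Host-side triage rules derived from the sandbox report above.

Added example (not part of the report or of the sandbox's own code). It encodes
the report's file hashes, the dropped-payload path, and the flagged behaviours
(Run-key persistence, Explorer hidden-file visibility tampering, execution of
the dropped EXE) and evaluates them over Sysmon-style events. Event IDs 1, 11
and 13 are Sysmon's real process-create, file-create and registry-value-set
events; the SAMPLE_EVENTS records themselves are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

# SHA256 hashes and the dropped path, copied from the report.
IOC_SHA256 = {
    "c3587b09ffe29b0f3855772fefb43a4bd45b86c8c62351f03ef0863e28c2645d":
        "0fa7f59e13a3f9e349afeb0837666776_JaffaCakes118.exe",
    "d20467066035892d4aababcd6a05c1bc92d4ee6383eb0aa1f8fb50f5ef09ed3f":
        "foibi.exe",
}
IOC_PATHS = {r"c:\users\admin\foibi.exe"}

# Registry locations behind the report's "Adds Run key" (ATT&CK T1547.001) and
# "Modifies visibility of hidden/system files in Explorer" (T1564.001) signatures.
RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
EXPLORER_ADVANCED = r"\software\microsoft\windows\currentversion\explorer\advanced"
EXPLORER_VISIBILITY_VALUES = {"hidden", "showsuperhidden"}


@dataclass
class Event:
    event_id: int      # 1 = process create, 11 = file create, 13 = registry value set
    image: str         # process that performed the action
    target: str = ""   # TargetFilename (11) or TargetObject (13)
    sha256: str = ""   # hash of the started image (1)


def classify(ev: Event) -> list[str]:
    """Return the list of rule labels an event matches (empty if nothing matches)."""
    hits: list[str] = []
    image = ev.image.lower()
    target = ev.target.lower()
    if ev.event_id == 1:
        if ev.sha256.lower() in IOC_SHA256:
            hits.append("known-sample-hash:" + IOC_SHA256[ev.sha256.lower()])
        if image in IOC_PATHS:
            hits.append("executes-dropped-exe")
    elif ev.event_id == 11:
        if target in IOC_PATHS:
            hits.append("drops-payload-to-profile-root")
    elif ev.event_id == 13:
        # TargetObject is "<hive>\<key path>\<value name>"; split off the value name.
        parent, _, value_name = target.rpartition("\\")
        if parent.endswith(RUN_KEYS):
            hits.append("run-key-persistence")
        if parent.endswith(EXPLORER_ADVANCED) and value_name in EXPLORER_VISIBILITY_VALUES:
            hits.append("explorer-hidden-file-visibility")
    return hits


def summarize(events: list[Event]) -> list[str]:
    """Distinct rule labels seen across a batch of events, sorted."""
    return sorted({label for ev in events for label in classify(ev)})


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\0fa7f59e13a3f9e349afeb0837666776_JaffaCakes118.exe"
DROPPED = r"C:\Users\Admin\foibi.exe"
HKU = r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion"  # constructed SID

# Constructed events modelled on the process tree in the report (not captured telemetry).
SAMPLE_EVENTS = [
    Event(1, SAMPLE, sha256="C3587B09FFE29B0F3855772FEFB43A4BD45B86C8C62351F03EF0863E28C2645D"),
    Event(11, SAMPLE, target=DROPPED),
    Event(13, SAMPLE, target=HKU + r"\Run\foibi"),
    Event(13, SAMPLE, target=HKU + r"\Explorer\Advanced\ShowSuperHidden"),
    Event(1, DROPPED, sha256="d20467066035892d4aababcd6a05c1bc92d4ee6383eb0aa1f8fb50f5ef09ed3f"),
    # Benign control: an installer writing under Uninstall matches no rule.
    Event(13, r"C:\Windows\System32\msiexec.exe",
          target=r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Example\DisplayName"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.event_id, ev.image, "->", classify(ev) or "no match")
    print("summary:", summarize(SAMPLE_EVENTS))
```

Hash matching is case-insensitive because Sysmon and most EDRs emit uppercase hex while sandbox reports print lowercase. The Run-key rule deliberately matches any value written under Run or RunOnce rather than only a value named `foibi`, since the report shows 27 IoCs for that signature and the value name is not a stable indicator; the hidden-file rule only fires on the `Hidden` and `ShowSuperHidden` values, so ordinary writes under Explorer\Advanced do not alert.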