Overview

overview

7

Static

static

3

0f864a6022...18.exe

windows7-x64

7

0f864a6022...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2024, 16:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f864a602248e324f968c20797dc424f_JaffaCakes118.exe

  • Size

    125KB

  • MD5

    0f864a602248e324f968c20797dc424f

  • SHA1

    66e4c9b22a438cba0bd87e992f14949f767ebc9a

  • SHA256

    6b200041162cba2502b54124d9c4dbec54b26112e176959ad6c0ac5d63deaff2

  • SHA512

    3f77f827cac94a23c5d7045ced40d91fec957be263cbc608fae3297246607465901542c74f418b99eb256c17532d0109fc3171b445a79ec673974e2244ed7a67

  • SSDEEP

    3072:EJgwBIxhn+dz7diTqkGqcZBUPs7dHNnu3lAzyDJkluJfBd8s:EuwWx8fScnUPey1BtB

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f864a602248e324f968c20797dc424f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0f864a602248e324f968c20797dc424f_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4668
    • C:\Windows\Glycya.exe
      C:\Windows\Glycya.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:3684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Glycya.exe
    Filesize

    125KB

    MD5

    0f864a602248e324f968c20797dc424f

    SHA1

    66e4c9b22a438cba0bd87e992f14949f767ebc9a

    SHA256

    6b200041162cba2502b54124d9c4dbec54b26112e176959ad6c0ac5d63deaff2

    SHA512

    3f77f827cac94a23c5d7045ced40d91fec957be263cbc608fae3297246607465901542c74f418b99eb256c17532d0109fc3171b445a79ec673974e2244ed7a67

    Download Submit

  • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    Filesize

    390B

    MD5

    a3257e6399e6a4e689c61c93ae802fd3

    SHA1

    37c74544164d551bdb3b9a48e732505e8f0f3216

    SHA256

    5de52701a5d5877d18aaa6208df8b201d176685458f16062073ca43ab02cf41e

    SHA512

    b5940a6834a73451cddc7cd0163872a35fcd691bb71720ae9e20121aa60d5af44261881c0e480af3485826e9c90bc093666717d1fbc76f6fc41947b07a95d65d

    Download Submit

  • memory/3684-135408-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3684-135410-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3684-9-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3684-135424-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3684-135416-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3684-8-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3684-39302-0x00000000006B0000-0x00000000006DE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3684-36707-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3684-135412-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3684-65705-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3684-78728-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3684-78653-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3684-116534-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/4668-19526-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/4668-0-0x00000000005D0000-0x00000000005E3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4668-46781-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/4668-19541-0x0000000002070000-0x000000000209E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4668-1-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download