Analysis

  • max time kernel
    147s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 03:06

General

  • Target

    15ebb6785110391f59dbe89eef65d8ea_JaffaCakes118.exe

  • Size

    148KB

  • MD5

    15ebb6785110391f59dbe89eef65d8ea

  • SHA1

    180902434364b104fb961468e41f8b3ce3682b20

  • SHA256

    63105b5902f8b7533c731e50671f0b35d153e48c2455ee775cf3f4d3caa267dd

  • SHA512

    207b79f3f7d4f45438f846908d693a22a2fd4042946d1ce9c67c9ae5393ed724da368c63d3cef1df6b780af29eaf21af0762122e899126447ca0f88b580074df

  • SSDEEP

    3072:nsLej2gTI/aPxcZVW9i2EYvHadKPz7+Aa0zSM+:ETVyaZzdOzqAa0W

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 48 IoCs
  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15ebb6785110391f59dbe89eef65d8ea_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15ebb6785110391f59dbe89eef65d8ea_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4436
    • C:\Windows\SysWOW64\Regsvr32.exe
      Regsvr32 /s C:\Users\Admin\AppData\Local\Temp\mC6MMd1eDi.txt
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:3236
    • C:\Users\Admin\AppData\Local\Temp\15ebb6785110391f59dbe89eef65d8ea_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\15ebb6785110391f59dbe89eef65d8ea_JaffaCakes118.exe
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Users\Admin\AppData\Local\Temp\15ebb6785110391f59dbe89eef65d8ea_JaffaCakes118.exe
        C:\Users\Admin\AppData\Local\Temp\15ebb6785110391f59dbe89eef65d8ea_JaffaCakes118.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1680
        • C:\Program Files (x86)\Internet Explorer\iexplore.exe
          "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\15ebb6785110391f59dbe89eef65d8ea_JaffaCakes118.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:4844
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2708
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4384,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=3264 /prefetch:8
      1⤵
        PID:2960

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mC6MMd1eDi.txt

    Filesize

    16KB

    MD5

    15671d34f8ecfd4b9a58601b2801a461

    SHA1

    4986c1b76263ee70cf3d8d4b81b9974d5809bb47

    SHA256

    c7bc639b9e3913a3fa96a88b8750cea1cc50215ff2dae302fbc3971c4a346f9c

    SHA512

    b52bc358889926a9618d5db8ce1670545aa340a7dd1f3224e9bac6c2184bd8c912f6edeea4c94d8491996b39b7912800ab2ec009f7812599cbff69dbaee6e8b1

  • memory/1680-15-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

  • memory/1680-16-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

  • memory/1680-17-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

  • memory/1680-18-0x0000000010410000-0x0000000010434000-memory.dmp

    Filesize

    144KB

  • memory/1680-19-0x0000000010410000-0x0000000010434000-memory.dmp

    Filesize

    144KB

  • memory/1680-25-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

  • memory/3064-8-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

  • memory/3064-11-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

  • memory/3064-10-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

  • memory/3064-9-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

  • memory/3064-29-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB