Overview

overview

7

Static

static

3

2cee37fa40...18.exe

windows7-x64

7

2cee37fa40...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-10-2024 07:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2cee37fa40efa4db1eab5b5169684d8e_JaffaCakes118.exe

  • Size

    82KB

  • MD5

    2cee37fa40efa4db1eab5b5169684d8e

  • SHA1

    38496f3fe613ba3cb4b4437cde3b2e9cd76e68b0

  • SHA256

    d9110e6cee9693adacf497a91f8c2dd925ceb61c3981f8782173244a3b5d4c84

  • SHA512

    0c4248338a3330aec1d5ee7c8fb92d71a9269e47c076afb4eecbeee010d34f6ef982a4e7b41d058c03c4a9fd720c2c5842fbfe17a8cf782bc234458716dc0985

  • SSDEEP

    1536:n5neEhlcTW5sk1jtf2XvWINndIcN6JhLs5g7EPXOteSx0cw1yA02:5nj9jtfU+INndIc0JW5imCbLgyA02

Score
7/10
discoveryevasionpersistencetrojan

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2cee37fa40efa4db1eab5b5169684d8e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2cee37fa40efa4db1eab5b5169684d8e_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3896
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3192
      • C:\Users\Admin\AppData\Local\Temp\23.exe
        C:\Users\Admin\AppData\Local\Temp\23.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2160
        • C:\Windows\iexplore.exe
          "C:\Windows\iexplore.exe"
          4⤵
          • Executes dropped EXE
          • Checks whether UAC is enabled
          • System Location Discovery: System Language Discovery
          PID:528

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\23.exe
    Filesize

    27KB

    MD5

    15c8b6c06fe7d4355b13550a368ed67b

    SHA1

    a56f03002254f9613503316793bfbac2b730de1b

    SHA256

    3f2c1c1a920d5cbe99c6633c98789d370993d125d4ca7ef4feecdd24eea8f93b

    SHA512

    a16707b447de57baed4e89b1aada0d3a2c1c605f7c3ed63784ac1b6e501326a1e2c9444fadfdfd4a3f2aad5661c26c2c13b473282912f4831e444d256e1997e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
    Filesize

    47KB

    MD5

    fb2ddbc8fb7210f2b43c009fce97c36e

    SHA1

    2b33e6b3bf9cb56d3132eadd7780e2a3489f1151

    SHA256

    da569deee79d3ba0a112ff576987d3f6250653ea7867d41e3bf7fdd61261d379

    SHA512

    c64f4b9f0240bdd2650ecb999af4cb95373cf3b04f2c2a763375f0b752266b2c9f83b328f023968dd2558108810311a5eb7f803461bd691c7adec2cc8488c78b

    Download Submit