Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-10-2024 08:40

General

  • Target

    2e11c3577db1aa7c0ad16f2e1fa2b3d0_JaffaCakes118.exe

  • Size

    92KB

  • MD5

    2e11c3577db1aa7c0ad16f2e1fa2b3d0

  • SHA1

    a9ffd37f8fe86cea1e9d0763e7b8030c3dc1559a

  • SHA256

    81438320acbe910f1191f36579c8b53160569326a975961e208675c69d50b9af

  • SHA512

    fc0b790bd88e976c9f401867a2c0e49014bdef02262e959d2b13de7c04e11fa0227a50264931f57f724c8570bab3c4b8d4977e1ee30b338c58713aa559b48cf5

  • SSDEEP

    768:IdZvpFZtBTSD9mx0CjIGhY4VVN2b1LllfRddcQVEWSdejXT+153qSgP:IdtpXq9Cr0GhXKdTdTiWS0jG3qDP

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e11c3577db1aa7c0ad16f2e1fa2b3d0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2e11c3577db1aa7c0ad16f2e1fa2b3d0_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Users\Admin\kaiqe.exe
      "C:\Users\Admin\kaiqe.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2088

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\kaiqe.exe

    Filesize

    92KB

    MD5

    a296a075af817e69127b44dec734bc86

    SHA1

    b64dd8d595522381f63ea45ae7811e3a94b5f452

    SHA256

    ac533772abafb26862d7b6d109314e2ba7a14812815c7cdd0060f2ba6c90a3bd

    SHA512

    665844d474e737bf40fd4774171039f6a014c8bdf2e05d40423934aa5ac26a6bdeae32dae5b953ab4003458fb09468a63353bd5e514993f5903a78be5ea1cb71