Overview

overview

10

Static

static

5

3c482e0e70...18.exe

windows7-x64

10

3c482e0e70...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c482e0e708ca8a714a5b2623f14fe6c_JaffaCakes118.exe

  • Size

    6.1MB

  • MD5

    3c482e0e708ca8a714a5b2623f14fe6c

  • SHA1

    039ef958e0f3f331980b02103f9fd012ef370411

  • SHA256

    9931594c94b941e73879bb1818f7bb691e64885d6c8c6b877372d89f6881ee6b

  • SHA512

    134c769f040ed4a9fbdfd0946ce58e0b5264f33d215953584ea0e7e7836c899aceb6ffe2d69aefdc30fb3b671f186570b2f9462ec7eac808a8553e370a68c5a2

  • SSDEEP

    98304:f3HOZJ6BQaLV7Y8PrsR7DEbtLzRnRNcRAqN:PHOZJ6nJnDsNAtNzcR

Score
10/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UAC bypass 3 TTPs 6 IoCs
    evasiontrojan
  • Drops file in Drivers directory 3 IoCs
  • Checks for any installed AV software in registry 1 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • System policy modification 1 TTPs 6 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c482e0e708ca8a714a5b2623f14fe6c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3c482e0e708ca8a714a5b2623f14fe6c_JaffaCakes118.exe"
    1⤵
    • UAC bypass
    • Drops file in Drivers directory
    • Checks for any installed AV software in registry
    • Checks whether UAC is enabled
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • System policy modification
    PID:1800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\WINSPSys\winps.cfg
    Filesize

    185B

    MD5

    b8224e5293d4fad1927c751cc00c80e7

    SHA1

    270b8c752c7e93ec5485361fe6ef7b37f0b4513b

    SHA256

    c47da9be4fc4d757add73c49654c9179067af547d0cc758d6356e2955bbfcb61

    SHA512

    8fed9a509e46319529145fa2159251e43040d26080af84e44badaab1dd339c767ff75a2c473bc0abfb448b03beb96718ee34ba6bc150ed3085322878b55a22f2

    Download Submit

  • C:\Windows\System32\drivers\etc\host_new
    Filesize

    1010B

    MD5

    7745ec3c7e2f1c6f5f1d85c2ef4bc950

    SHA1

    c72429905244669a6d45d9819af3ba2701c59a8e

    SHA256

    7712a819ebfe48116014f7e8e70a2809bf4368cb71d19e1f6459bd9f50257ee3

    SHA512

    13721ee8e654ee74b4dee2c5a33412e5475afbb2dcaaa03576e3f9f1894c80f32522fedd362252989caa81542184f7e565832a96828dd4e897ac00b369db801e

    Download Submit

  • memory/1800-0-0x0000000000400000-0x0000000000A22000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/1800-1-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1800-94-0x0000000000400000-0x0000000000A22000-memory.dmp

    Filesize

    6.1MB

    Download