Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-10-2024 01:19

General

  • Target

    37c28dd5c1e185c5cded257ad6c91c03_JaffaCakes118.exe

  • Size

    16KB

  • MD5

    37c28dd5c1e185c5cded257ad6c91c03

  • SHA1

    3f84157f5bbfeebd135220130a8b0bd616017545

  • SHA256

    1e2813f4a23f085eb4812095a26d592902cda2582e190e162c3f7dc3825c5c1b

  • SHA512

    f7cab8fc08ff970577b6a1b79743fbedb53eb4318394f6e0c54efc575c709d55b74d33c3bf7e0b7ad5c1b625a384538ee1434caf460eb158e5352efc08ed3b41

  • SSDEEP

    384:5wP9YbWZbqSmvklj4kHwxVNECwodNyPVuXzFsY:2VYK4BvkljwxoC5h

Score
10/10

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
  • Drops file in Drivers directory 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1204
      • C:\Users\Admin\AppData\Local\Temp\37c28dd5c1e185c5cded257ad6c91c03_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\37c28dd5c1e185c5cded257ad6c91c03_JaffaCakes118.exe"
        2⤵
        • Adds autorun key to be loaded by Explorer.exe on startup
        • Drops file in Drivers directory
        • Loads dropped DLL
        • Drops file in System32 directory
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:1244

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Windows\SysWOW64\tctc32.dll

    Filesize

    10KB

    MD5

    8bf32bb81490a0c0428ff8b6f59ee042

    SHA1

    959550372bfb3e254057c750bf858df375e8848e

    SHA256

    f48fedceac21e1b76871f30d84786d2bc3c6de854d0d58ea3f6a53f6f16a03db

    SHA512

    9caeefa2a2d275983b29a8fc454e3fa140b0217533d9102f722381bbf3d6a76db708de7d4da3c6ec1687c9896752e8c5137276ee2db0b0eaa903bb9dde8b6b48

  • memory/1204-5-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

    Filesize

    4KB

  • memory/1244-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1244-6-0x0000000073250000-0x0000000073255000-memory.dmp

    Filesize

    20KB

  • memory/1244-7-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB
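Added example (not part of the sandbox report, and not the sandbox vendor's own detection code): a small offline triage helper that checks a file on disk against the hashes this report lists for the sample and for the dropped \Windows\SysWOW64\tctc32.dll, and then applies three UPX-packing heuristics that approximate what a "UPX packed file" signature looks for. The heuristics (UPX0/UPX1 section names, a first section with zero raw size, and the "UPX!" marker string) are this example's assumptions, not the report's stated rule; `build_test_pe` builds a constructed PE32 fixture so the checks can be exercised without the real binary.

```python
import hashlib
import struct
import sys

# IOC table copied from the report above (sample and the dropped DLL).
IOCS = {
    "37c28dd5c1e185c5cded257ad6c91c03_JaffaCakes118.exe": {
        "md5": "37c28dd5c1e185c5cded257ad6c91c03",
        "sha1": "3f84157f5bbfeebd135220130a8b0bd616017545",
        "sha256": "1e2813f4a23f085eb4812095a26d592902cda2582e190e162c3f7dc3825c5c1b",
    },
    "\\Windows\\SysWOW64\\tctc32.dll": {
        "md5": "8bf32bb81490a0c0428ff8b6f59ee042",
        "sha1": "959550372bfb3e254057c750bf858df375e8848e",
        "sha256": "f48fedceac21e1b76871f30d84786d2bc3c6de854d0d58ea3f6a53f6f16a03db",
    },
}


def file_hashes(data: bytes) -> dict:
    """Return the three digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_iocs(data: bytes, iocs: dict = IOCS):
    """Return the IOC label whose SHA256 matches `data`, or None."""
    digest = hashlib.sha256(data).hexdigest()
    for label, hashes in iocs.items():
        if hashes["sha256"] == digest:
            return label
    return None


def pe_sections(data: bytes) -> list:
    """Parse the PE section table into (name, virtual_size, raw_size) tuples.
    Returns [] when `data` does not carry a DOS/PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    if len(data) < coff + 20:
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section table follows the optional header
    out = []
    for i in range(num_sections):
        off = table + 40 * i                 # IMAGE_SECTION_HEADER is 40 bytes
        if len(data) < off + 40:
            break
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        out.append((name, vsize, rawsize))
    return out


def upx_indicators(data: bytes) -> list:
    """Heuristic UPX checks (assumptions of this example, not the sandbox's rule):
    stock UPX names its sections UPX0/UPX1; the first section is the unpacking
    area with zero raw size but a large virtual size, which survives even when a
    modified UPX renames sections; the packer header carries the string 'UPX!'."""
    hits = []
    sections = pe_sections(data)
    if any(name.startswith("UPX") for name, _, _ in sections):
        hits.append("upx_section_names")
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        hits.append("first_section_zero_raw_size")
    if b"UPX!" in data:
        hits.append("upx_magic")
    return hits


def build_test_pe(sections) -> bytes:
    """Constructed PE32 fixture with the given (name, vsize, rawsize) sections.
    Header-only test data for offline checks; it is not the report's sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0                       # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b""
    for name, vsize, rawsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000,
                             rawsize, 0, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + opt + table


if __name__ == "__main__":
    # Usage: python triage_check.py <file>  (file name is the caller's choice)
    blob = open(sys.argv[1], "rb").read()
    print("hashes:", file_hashes(blob))
    print("ioc match:", match_iocs(blob))
    print("upx indicators:", upx_indicators(blob))
```

A hit on `match_iocs` is a confirmed copy of the sample or its dropped DLL; the UPX indicators are only heuristics and a clean result does not rule out a modified packer, which is why the report's own signature wording covers "UPX/modified UPX".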