Overview

overview

5

Static

static

5

3a93480532...18.exe

windows7-x64

5

3a93480532...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    96s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2024, 14:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3a93480532ecc9b7cf94e853d9c0d84a_JaffaCakes118.exe

  • Size

    71KB

  • MD5

    3a93480532ecc9b7cf94e853d9c0d84a

  • SHA1

    1ddafde7e747a8fa8a928e15f7d8d29b22e6b493

  • SHA256

    b6ebb3ab434d14041072ff81bb76b9bb22767f65a5a47f55e9eab0fce0421949

  • SHA512

    2f5d29a61b2092e220ad0b6111f5c026bd476ecd396698d39b788fc7531a57fda9110c5db95edd6df87d2438dda0c0619d588e43c12002343aa9987e86d79148

  • SSDEEP

    1536:tt5ZdeHwm9GASGAvOu5BqBmRiB7BDomPQubupRbx/KU8xi:t7veCAS/Ogzixbo3

Score
5/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a93480532ecc9b7cf94e853d9c0d84a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3a93480532ecc9b7cf94e853d9c0d84a_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:3780

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1544-0-0x0000000000400000-0x000000000041A000-memory.dmp

            Filesize

            104KB

            Download

          • memory/1544-1-0x0000000000A20000-0x0000000000A21000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1544-2-0x0000000000400000-0x0000000000414000-memory.dmp

            Filesize

            80KB

            Download

          • memory/1544-4-0x0000000000400000-0x0000000000414000-memory.dmp

            Filesize

            80KB

            Download

          • memory/1544-3-0x0000000000A60000-0x0000000000A6E000-memory.dmp

            Filesize

            56KB

            Download