Overview

overview

7

Static

static

3

3f66b440f0...18.exe

windows7-x64

7

3f66b440f0...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2024, 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f66b440f038b44d85d4d896941147a1_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    3f66b440f038b44d85d4d896941147a1

  • SHA1

    e91d3c5586cdd2748c3c5145e5bad6ce492f2bdd

  • SHA256

    b8753a95e3563b0e24609922e9df8760da447aebd537f25b1b8a997acb2e1fb9

  • SHA512

    19ddb2dbb3b2cdfe27bd73390ffbb44ff4230bdb2ab91f25413d1a05976d4dd1055c1d7d6c8c00a04f7014517e46064b7d307fa562dbe1040a98dcdb47ce5db5

  • SSDEEP

    24576:P8XkFFBb5f/GfLyl0kYU0+cZkkUgLkjwmCJS8gxGm1Apxeiz5lY7C:k0Fb9GC07l4gIjwmTKpxei7Y7C

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f66b440f038b44d85d4d896941147a1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3f66b440f038b44d85d4d896941147a1_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe /i instmsi.msi /qb+
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe
    Filesize

    6KB

    MD5

    17ce5d0e4f6edbcda037fe67207fb9e3

    SHA1

    40604842c47729e14c5cdff23b6a99d17a04b8d3

    SHA256

    2d9943c89732b19581ad495b24097f07314aca99f1634f1ed02bd7f1c29bf674

    SHA512

    0ad251a764037ab4def4bcfd8980d161534d5733f6fa04d22c84e254a3d8c6ed9e0f62d4775364568b31b9d8b97b4ccc48d6589acc4cd2a41a3259dbc43ad78d

    Download Submit

  • memory/2328-0-0x0000000001000000-0x000000000114A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2328-1-0x00000000002F0000-0x000000000043A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2328-4-0x00000000002F0000-0x000000000043A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2328-27-0x0000000001001000-0x0000000001002000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2328-61-0x0000000001000000-0x000000000114A000-memory.dmp

    Filesize

    1.3MB

    Download