Overview

overview

8

Static

static

3

406250fbaa...18.exe

windows7-x64

8

406250fbaa...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    13-10-2024 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    406250fbaa2c18d3330586c480aa3620_JaffaCakes118.exe

  • Size

    151KB

  • MD5

    406250fbaa2c18d3330586c480aa3620

  • SHA1

    6fee985aa435ebb425ea71bf1f61b8c0ce4cd310

  • SHA256

    1c71cea25df52f6e804c7ddb23d85ba5ae2a1edee8d039f062df8af9f499bf20

  • SHA512

    b6d189032c1cc05ffb0b4ed828448268bb673d206a73074c73707892cfc376fcf99ede8919d9ecc5c19690890700c5dc9335cb6e00d871c78f7bf8f1a013cc50

  • SSDEEP

    3072:HAwEvRRdqcqpaiVPfGHO4xATzlypxd7CQn3piYtW0Cmz:TcRWcslXWRpjCS5TW0Cmz

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\406250fbaa2c18d3330586c480aa3620_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\406250fbaa2c18d3330586c480aa3620_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2368
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {2E2398D9-075E-4B9B-8080-D6731A78140C} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\PROGRA~3\Mozilla\unidtrd.exe
      C:\PROGRA~3\Mozilla\unidtrd.exe -esjphrh
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:1320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\unidtrd.exe
    Filesize

    151KB

    MD5

    4008d811e9f47780926a6706064b3580

    SHA1

    686ce910f3c26b24505b5f814d705929ec9bbbd0

    SHA256

    aca1547c2d4cf8c7ec95a1656af2ab01959e0797876bb3e9f55131f687323e2c

    SHA512

    a2e4fdccf3598ef246a999fae0071ccf6f005c7e51750ea3487e1710c340d243046f4623f5d6fe90f865560bdb6d4133b865cabd821b79b6b37b8a8868996941

    Download Submit

  • memory/1320-14-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/1320-16-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2368-4-0x0000000000402000-0x0000000000403000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-5-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2368-1-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2368-0-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2368-7-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download