Analysis

  • max time kernel
    130s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-11-2024 05:07

General

  • Target

    b4ead846143a753e728c6c44aa0fb869_JaffaCakes118.exe

  • Size

    368KB

  • MD5

    b4ead846143a753e728c6c44aa0fb869

  • SHA1

    f2897f18aabf0c06458d026084c244574a985627

  • SHA256

    ee44b973a72aac98fabeb5e08fd7f4cd88bec821c7fc2a5b707ba109e6ed0608

  • SHA512

    43811539cce583c8cbd116d843a1552c9986f167aba1d0122b1264e81430bf42a8216dfb5ada4b6d166def55cb6bd47d9ccbdbd970c248591f371fbad5f7e659

  • SSDEEP

    6144:ZHbFuENWJcGng1+QtRTozukLk50nsqt9u2CkMSGswoHab5bXJ0/+z3ri+4Y:Z7FuO2g9TozukwynsW99MfjbbRea

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in Windows directory 8 IoCs
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4ead846143a753e728c6c44aa0fb869_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b4ead846143a753e728c6c44aa0fb869_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1840
    • C:\Windows\Tmywya.exe
      C:\Windows\Tmywya.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:3896
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 824
        3⤵
        • Program crash
        PID:50476
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3896 -ip 3896
    1⤵
    PID:50424
  • C:\Windows\Tmywya.exe
    C:\Windows\Tmywya.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    PID:51128
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 51128 -s 636
      2⤵
      • Program crash
      PID:190864
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 51128 -ip 51128
    1⤵
    PID:191188

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    Filesize
    390B
    MD5
    b00c0ccfaf8482b1787cf1c3d5bccb87
    SHA1
    dd059dd0d06a729b04f8a99de67f243821534c24
    SHA256
    d205dd7c08a3ed9daf0cdf5082c2d872181f6d254736e44a8ec7b906549f8fe9
    SHA512
    07ee3de28ed8c5e77e27b24f85889152ab26bbb95df0e650e73b459b56366739d9f4ef637ad6167a6b9dc3b8c61cc4a7141882440a332a1f9205aa91f5de48ee

  • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    Filesize
    264B
    MD5
    b5302c4b58077878bce28698c02c4c7b
    SHA1
    3d60c4ade72c0124f70a2e4c9803d05affb24110
    SHA256
    bfd9db2a06ad55598e219c7cde69d9547e7ea0ebc875f439e5d7cfa6847d4f98
    SHA512
    a8842ec7a1fb33460e3d011bd80f8fe9dc9ce38892bccf45284c08f91111ec0179fa81e05cebc6e242d016a96003baea045f2ee15f97d5659226e9a5bf6c7c5f

  • C:\Windows\Tmywya.exe
    Filesize
    368KB
    MD5
    b4ead846143a753e728c6c44aa0fb869
    SHA1
    f2897f18aabf0c06458d026084c244574a985627
    SHA256
    ee44b973a72aac98fabeb5e08fd7f4cd88bec821c7fc2a5b707ba109e6ed0608
    SHA512
    43811539cce583c8cbd116d843a1552c9986f167aba1d0122b1264e81430bf42a8216dfb5ada4b6d166def55cb6bd47d9ccbdbd970c248591f371fbad5f7e659

  • memory/1840-0-0x00000000008D0000-0x00000000008D1000-memory.dmp
    Filesize
    4KB

  • memory/1840-1-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize
    232KB

  • memory/1840-4-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize
    232KB

  • memory/3896-19-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize
    232KB

  • memory/3896-111638-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize
    232KB

  • memory/3896-15-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize
    232KB

  • memory/51128-111644-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize
    232KB

  • memory/51128-111645-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize
    232KB

  • memory/51128-111649-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize
    232KB

  • memory/51128-246302-0x0000000000400000-0x000000000043A000-memory.dmp
    Filesize
    232KB