Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-11-2024 05:12

General

  • Target

    b4eeb223214de04cf75bf5686aabfb84_JaffaCakes118.exe

  • Size

    123KB

  • MD5

    b4eeb223214de04cf75bf5686aabfb84

  • SHA1

    648bd3b38fd513013789ab6030dd34d6af4b7890

  • SHA256

    c5202071dc7781425ae45a18348036178c2ad389116dbe32eaa14c074dd43197

  • SHA512

    4d9cccb0d59acc2c25bf78c9fa90c8c8fa7ec6f596f14b8fdcba8dac5cf07cc5556a46388bde04f90e6ab367e65fcaa4467a6248ea8d00107dcd1ded446ea2bb

  • SSDEEP

    3072:1W3a80pMO6ED0S6TMxa34Tka9X0SIxd720I6i:g3P09D0S3xa33sD672

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4eeb223214de04cf75bf5686aabfb84_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b4eeb223214de04cf75bf5686aabfb84_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1292
    • C:\Windows\Bziqoa.exe
      C:\Windows\Bziqoa.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2108

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Bziqoa.exe

    Filesize

    123KB

    MD5

    b4eeb223214de04cf75bf5686aabfb84

    SHA1

    648bd3b38fd513013789ab6030dd34d6af4b7890

    SHA256

    c5202071dc7781425ae45a18348036178c2ad389116dbe32eaa14c074dd43197

    SHA512

    4d9cccb0d59acc2c25bf78c9fa90c8c8fa7ec6f596f14b8fdcba8dac5cf07cc5556a46388bde04f90e6ab367e65fcaa4467a6248ea8d00107dcd1ded446ea2bb

  • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

    Filesize

    372B

    MD5

    4df94890c65db78a4c4a625d5501df13

    SHA1

    c88c018a5c87fdc6cb71ea4df29a495f87d3cdbf

    SHA256

    053cb92b3c1c2ff4f016b8d5491bc376b1513373452de5585eb07dacc41c2332

    SHA512

    1f008517f484ad8b8ce66f3feed606c340ef1e6f00bd8eb30e7592dffe940a4eccdcedc2a5114cba9b93e89667fdb99dfafe85df60ddfe748d596366a9ee3b91

  • memory/1292-0-0x00000000001B0000-0x00000000001C8000-memory.dmp

    Filesize

    96KB

  • memory/1292-1-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

  • memory/1292-46802-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

  • memory/1292-20688-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

  • memory/2108-46801-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

  • memory/2108-10-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

  • memory/2108-46803-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

  • memory/2108-46804-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

  • memory/2108-46805-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

  • memory/2108-46807-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

  • memory/2108-46811-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB