Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    13-12-2024 13:20

General

  • Target

    ebb1a3bac82a7c56d9252049693c2940_JaffaCakes118.exe

  • Size

    67KB

  • MD5

    ebb1a3bac82a7c56d9252049693c2940

  • SHA1

    58832972cf8abcd117b2c3f7a5d036e2374b4de5

  • SHA256

    c5a966156fae3c374c4cb03423da2fb9f770bcc6584b25dd8fb55146219b4b02

  • SHA512

    da00338611ea7860db6247c398a73f771fcb3a43856de7766eb08788c410664198869bd2e31c697d7f0adfc8d3ee7a16d4aa93ef647aaa095712ac929f30b49d

  • SSDEEP

    1536:n87wc1aGNC0klI7CPpIFa6mMbYAaYcexvzPf8aQ:87wc1aOCo7CxIVvbc+HG

Signatures

  • Detects MyDoom family 3 IoCs
  • MyDoom

    MyDoom is a mass-mailing worm written in C++.

  • Mydoom family
  • Adds Run key to start application 2 TTPs 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
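The "UPX packed file" signature above is a header heuristic, not a behavioural one, so it is easy to reproduce outside the sandbox. The following is an added example, not part of the report or of the sandbox's own rule set: it parses a PE section table and checks the four things UPX leaves behind (UPX0/UPX1 section names, the "UPX!" pack-header magic, a first section with no raw bytes on disk, and an entry point inside the second section, where the decompression stub lives). The three PE images at the bottom are constructed in code so the script runs offline; they are not the sample on this page, whose bytes the report does not include.

```python
import struct

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes)
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")


def parse_pe_headers(data):
    """Return (entry_point_rva, sections) from a PE32/PE32+ image; sections are dicts."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    size_opt, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    # AddressOfEntryPoint is at offset 16 of the optional header for PE32 and PE32+ alike
    entry, = struct.unpack_from("<I", data, opt + 16)
    table = opt + size_opt
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr, *_ = SECTION_HDR.unpack_from(data, table + i * SECTION_HDR.size)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return entry, sections


def upx_indicators(data):
    """Score the UPX tell-tales; names/magic alone are decisive, layout alone is only suggestive."""
    entry, sections = parse_pe_headers(data)
    ind = {
        # stock UPX names its sections UPX0/UPX1 (plus UPX2 or .rsrc)
        "upx_section_names": any(s["name"].startswith("UPX") for s in sections),
        # the packer's 32-byte pack header carries the "UPX!" magic; a whole-file search is enough here
        "upx_magic": b"UPX!" in data,
        # the first section is the unpacking target: zero raw size on disk, large virtual size
        "empty_first_section": bool(sections) and sections[0]["rawsize"] == 0 and sections[0]["vsize"] > 0,
        # the entry point lands in the second section, which holds the decompression stub
        "entry_in_second_section": len(sections) >= 2
            and sections[1]["vaddr"] <= entry < sections[1]["vaddr"] + sections[1]["vsize"],
    }
    if ind["upx_section_names"] or ind["upx_magic"]:
        ind["verdict"] = "upx"
    elif ind["empty_first_section"] and ind["entry_in_second_section"]:
        ind["verdict"] = "possible-modified-upx"  # names and magic scrubbed, layout still tells
    else:
        ind["verdict"] = "not-upx"
    return ind


def build_pe(section_specs, entry, trailer=b""):
    """Constructed, non-loadable PE32 image for testing the parser (not a real sample):
    DOS header, PE signature, COFF header, 224-byte optional header, section table, trailer."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader=0xE0, Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry)  # Magic=PE32, AddressOfEntryPoint
    opt += b"\0" * (0xE0 - len(opt))
    table = b"".join(
        SECTION_HDR.pack(name.encode("ascii"), vsize, vaddr, rawsize, 0, 0, 0, 0, 0, 0x60000020)
        for name, vsize, vaddr, rawsize in section_specs)
    return dos + b"PE\0\0" + coff + opt + table + trailer


# Constructed layouts: stock UPX, UPX with names and magic scrubbed, and an ordinary linker layout.
STOCK_UPX = build_pe([("UPX0", 0x7000, 0x1000, 0), ("UPX1", 0x5000, 0x8000, 0x4800), (".rsrc", 0x1000, 0xD000, 0x400)],
                     entry=0xC9A0, trailer=b"\0" * 16 + b"UPX!" + b"\0" * 28)
SCRUBBED_UPX = build_pe([(".text", 0x7000, 0x1000, 0), (".data", 0x5000, 0x8000, 0x4800), (".rsrc", 0x1000, 0xD000, 0x400)],
                        entry=0xC9A0)
CLEAN = build_pe([(".text", 0x3000, 0x1000, 0x3000), (".rdata", 0x1000, 0x4000, 0x1000), (".data", 0x800, 0x5000, 0x400)],
                 entry=0x1200)

if __name__ == "__main__":
    for label, img in (("stock UPX", STOCK_UPX), ("scrubbed UPX", SCRUBBED_UPX), ("clean", CLEAN)):
        print(label, upx_indicators(img))
```

The split verdict matters for "modified UPX": renaming sections and patching out the magic defeats a string rule but not the layout check, while the layout check alone is too weak to call a file packed, so it is reported as "possible" rather than as a match.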

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebb1a3bac82a7c56d9252049693c2940_JaffaCakes118.exe (PID 2684)
    "C:\Users\Admin\AppData\Local\Temp\ebb1a3bac82a7c56d9252049693c2940_JaffaCakes118.exe"
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery

Network

Downloads

  • C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\Kazaa Lite.com

    Filesize

    67KB

    MD5

    ebb1a3bac82a7c56d9252049693c2940

    SHA1

    58832972cf8abcd117b2c3f7a5d036e2374b4de5

    SHA256

    c5a966156fae3c374c4cb03423da2fb9f770bcc6584b25dd8fb55146219b4b02

    SHA512

    da00338611ea7860db6247c398a73f771fcb3a43856de7766eb08788c410664198869bd2e31c697d7f0adfc8d3ee7a16d4aa93ef647aaa095712ac929f30b49d

  • memory/2684-1-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/2684-3-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB
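The dropped file above, "Kazaa Lite.com" under Program Files, carries exactly the MD5, SHA1 and SHA256 of the submitted sample: the process wrote a byte-identical copy of itself under a name borrowed from a P2P client and with a non-.exe executable extension, which is the self-replication a worm relies on. The script below is an added example, not the sandbox's own correlation logic; it hashes each dropped file, marks the ones identical to the sample, and flags bait names and misleading extensions. The sample bytes, the second dropped file and the keyword lists are constructed for illustration, since the report lists digests but not file contents.

```python
import hashlib
import ntpath

# Bait names a worm might use in a shared folder, and extensions that hide an executable.
# Constructed keyword lists for illustration, not the sandbox's signature set.
BAIT_KEYWORDS = ("kazaa", "winamp", "icq", "activation", "crack", "keygen", "nuke")
MISLEADING_EXTS = (".com", ".scr", ".pif", ".bat")


def fingerprint(data):
    """MD5/SHA1/SHA256 of a byte string, the three digests the report lists per file."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def classify_drop(path, data, sample_digests):
    """Flag a dropped file: byte-identical self-copy, bait name, executable behind a non-.exe extension."""
    base = ntpath.basename(path).lower()
    _, ext = ntpath.splitext(base)
    digests = fingerprint(data)
    return {
        "path": path,
        "sha256": digests["sha256"],
        # all three digests equal: the process wrote itself to disk under another name
        "self_copy": digests == sample_digests,
        "bait_name": any(k in base for k in BAIT_KEYWORDS),
        # .com/.scr/.pif/.bat still run as programs; an MZ header behind one is a disguise
        "misleading_ext": ext in MISLEADING_EXTS and data[:2] == b"MZ",
        "under_program_files": path.lower().startswith(r"c:\program files"),
    }


def find_self_copies(sample_bytes, dropped):
    """Return the classification of every dropped file whose bytes equal the sample's."""
    sample_digests = fingerprint(sample_bytes)
    return [r for r in (classify_drop(p, d, sample_digests) for p, d in dropped.items()) if r["self_copy"]]


# Constructed stand-ins for the sample and the files it wrote; the real bytes are not on the page.
SAMPLE_BYTES = b"MZ" + b"\x90" * 62 + b"constructed worm body"
DROPPED = {
    r"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\Kazaa Lite.com": SAMPLE_BYTES,
    r"C:\Windows\Temp\installer.log": b"benign text written by the same process",
}

if __name__ == "__main__":
    for hit in find_self_copies(SAMPLE_BYTES, DROPPED):
        print(hit)
```

Comparing all three digests rather than only the path catches the copy even when the worm picks a different name or folder on each run, which is why a report that prints the same digest set twice is worth a second look.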