Overview

overview

10

Static

static

5

JaffaCakes...ab.exe

windows7-x64

7

JaffaCakes...ab.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    9s
  • max time network
    1s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29/03/2025, 19:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_9462b737c1559858d26f4d49ff0341ab.exe

  • Size

    125KB

  • MD5

    9462b737c1559858d26f4d49ff0341ab

  • SHA1

    b7b15bfcb2a0dc1c4d82560987df4828f5c3742a

  • SHA256

    3e7158db9e3287b1a3fc89b3b7b609e4879e553c7d59cfddc0117fa764b4844f

  • SHA512

    d0e6c9eae2390b1991fb2d533d1f195fa2d7387d966f033312d979899d5bee6979e4497546eb3b8d513c81e91b5c3b2edfbc085177ca2b1f0be4cf03344e6586

  • SSDEEP

    3072:K7pn7qMJA3QLOmQX1McZhrdp37hEriLzVecQe5:Gjy3VX/ZxAi1ecd

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9462b737c1559858d26f4d49ff0341ab.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9462b737c1559858d26f4d49ff0341ab.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\system32\Mswinsck.ocx
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2836
    • C:\Windows\Csrss.exe
      C:\Windows\Csrss.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2760
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s C:\Windows\system32\Mswinsck.ocx
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Csrss.exe
    Filesize

    125KB

    MD5

    9462b737c1559858d26f4d49ff0341ab

    SHA1

    b7b15bfcb2a0dc1c4d82560987df4828f5c3742a

    SHA256

    3e7158db9e3287b1a3fc89b3b7b609e4879e553c7d59cfddc0117fa764b4844f

    SHA512

    d0e6c9eae2390b1991fb2d533d1f195fa2d7387d966f033312d979899d5bee6979e4497546eb3b8d513c81e91b5c3b2edfbc085177ca2b1f0be4cf03344e6586

    Download Submit

  • C:\Windows\Csrss.exe
    Filesize

    71KB

    MD5

    e8cb6f9010e02047181a6414cadd5e89

    SHA1

    60e658aa860b134a83bee0a98bd084be8ad69f56

    SHA256

    5050ab3121a4643f7168730f79440a9cb42019b441b76e82cd2ee6464a75944e

    SHA512

    32dafa285537ffe4ef082cb3cd274773d8d84873047cb674c1d71a77722389fef82242b94ac79a18d48f606e6ec7dd143967a6e8842afddc3370ca2d9b3229ef

    Download Submit

  • C:\Windows\SysWOW64\Mswinsck.ocx
    Filesize

    106KB

    MD5

    3d8fd62d17a44221e07d5c535950449b

    SHA1

    6c9d2ecdd7c2d1b9660d342e2b95a82229486d27

    SHA256

    eba048e3a9cb11671d0e3c5a0b243b304d421762361fe24fd5ea08cb66704b09

    SHA512

    501e22a0f99e18f6405356184506bc5849adc2c1df3bdee71f2b4514ab0e3e36673b4aecbd615d24ebb4be5a28570b2a6f80bd52331edb658f7a5f5a9d686d10

    Download Submit

  • memory/2740-0-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2740-15-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2740-14-0x0000000003180000-0x00000000031D8000-memory.dmp

    Filesize

    352KB

    Download