Analysis

  • max time kernel: 147s
  • max time network: 168s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240226-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 28/03/2024, 20:05

General

  • Target: 0ee28010e26eb3a4a59d7f003b48fcc0_JaffaCakes118.exe
  • Size: 20KB
  • MD5: 0ee28010e26eb3a4a59d7f003b48fcc0
  • SHA1: cae7f501f36ddb1dd0d28c9bbd688b89a80834b8
  • SHA256: f9501518b46cdff0e3a26b06b116669ea80e48063685eaba2f8d65e1e7dbf05a
  • SHA512: 9cb2ce69c979d2e61bdf4f3df7e32fc28f202f07caa9cbb27e85a4d2a6aa63ee136d81e40dfabe52edd668c646f57546cfcffa80874712643aa4186b72bf1e67
  • SSDEEP: 384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYQMx+L4r:hDXWipuE+K3/SSHgxmHZr

Score: 7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 5 IoCs)

    Looks up the country code configured in the registry, likely a geofence.

  • Executes dropped EXE (5 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (15 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ee28010e26eb3a4a59d7f003b48fcc0_JaffaCakes118.exe (depth 1, PID 1148)
    Command line: "C:\Users\Admin\AppData\Local\Temp\0ee28010e26eb3a4a59d7f003b48fcc0_JaffaCakes118.exe"
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\DEME5DC.exe (depth 2, PID 2344)
      Command line: "C:\Users\Admin\AppData\Local\Temp\DEME5DC.exe"
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      • C:\Users\Admin\AppData\Local\Temp\DEM48DB.exe (depth 3, PID 2880)
        Command line: "C:\Users\Admin\AppData\Local\Temp\DEM48DB.exe"
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        • C:\Users\Admin\AppData\Local\Temp\DEMA090.exe (depth 4, PID 1340)
          Command line: "C:\Users\Admin\AppData\Local\Temp\DEMA090.exe"
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          • C:\Users\Admin\AppData\Local\Temp\DEMFB14.exe (depth 5, PID 492)
            Command line: "C:\Users\Admin\AppData\Local\Temp\DEMFB14.exe"
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            • C:\Users\Admin\AppData\Local\Temp\DEM5327.exe (depth 6, PID 2992)
              Command line: "C:\Users\Admin\AppData\Local\Temp\DEM5327.exe"
              • Executes dropped EXE

Network

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM48DB.exe
    Filesize: 20KB
    MD5: 88337412103f64fa8184739113e57e77
    SHA1: ce4169460403b4b626ea9a092eada5e64e23148d
    SHA256: b8b2a5d599f8a9056e651da433a441f3995126e824b591ae17d6494e8eb3ea67
    SHA512: ed36aeef22525bcb6114f331d1db478ad2868ea8356386767adfbb53e56f13d5908632b50c39aaa692f911cb090b4c4cf78e62a6c4d20b04914e4b2d2e5b6b41

  • C:\Users\Admin\AppData\Local\Temp\DEM5327.exe
    Filesize: 20KB
    MD5: e59301c8471f6298849ebd1ab372bb46
    SHA1: 5b7e0419883cbcba824589a3addf6134c48efe65
    SHA256: e035419e71075689b0305ad7e3a0b51bb1f33fe0ab0c3ae22d5c6451ba8fc1cd
    SHA512: 5b5a27c9759c524271cd6d5ddcd13112e445e294cc4404d55856767c1a34236123a2a6b91be8b6985f4e95746545a24d74c9875bce2d85074ee7c1b0019666a6

  • C:\Users\Admin\AppData\Local\Temp\DEMA090.exe
    Filesize: 20KB
    MD5: a8d6b506db9aa4c15de96d4f1ac90109
    SHA1: d78fb91dd33c8120322b99e226c703c1c468627c
    SHA256: 3cf44adeb220a430320509c27486c5ec4ac7dbfd833382c41e13045702031d2b
    SHA512: 65056a3ae382290a1c4751e5c74e14c7e1fa543881c99d7e634059a57418f7ffd91f8859f9f72124388eab5f4f432c4661ef20dc7e2281bacf57a4a59389fceb

  • C:\Users\Admin\AppData\Local\Temp\DEME5DC.exe
    Filesize: 20KB
    MD5: bdf0427ef2dbd95afe5f2fb5200b3605
    SHA1: a04350175eb9c0e7da0c59c59f999ad438d95679
    SHA256: e5a90a58a64c59db1b148df7facde962cb898b7ab86b96ffd7967dd48f8e4774
    SHA512: cadf64b777159b9d1d4ff2e36d8bd2ff37335f1c1fbed2364f8409b830c8d2f3f583fc3af3d4b2ac1ddb51048c44131f6ad797532af28d88cacd4a999cda06be

  • C:\Users\Admin\AppData\Local\Temp\DEMFB14.exe
    Filesize: 20KB
    MD5: 24fb66c9ea82036e920d38834e678d0f
    SHA1: 4130cdafa1d4386e43ec8243cc96994a117f9b37
    SHA256: 53de9842d6d196fcec358c1cd8da01e029bf457d6ff51ba22eeadfe8cdca7fc3
    SHA512: 32618188ca8ed8ad0dc2719f54d43ec65988b981349c82401b9353149dd725a8072429b83b4b63aa7d450c671a1fd8f0cca6b34f526bc732fc384d8d38d2b55a