Overview

overview

7

Static

static

3

26d528273d...18.exe

windows7-x64

7

26d528273d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/03/2024, 16:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26d528273d64f31a01d7e5c996aed784_JaffaCakes118.exe

  • Size

    16KB

  • MD5

    26d528273d64f31a01d7e5c996aed784

  • SHA1

    9c0e21824542d0c424d140e287d7081d0b09c5a0

  • SHA256

    c8bb87265246115782284ea649d91abd0189510f45df49df27db008608c4c38b

  • SHA512

    a43294b2ca23815039e2c448c253bc86b012bdcad7ee5257a3c28799459bf99236b799b543cb652b4800de2872da0bb46c1eb756dfad0b43db62729d96026dd8

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYQMxt2F:hDXWipuE+K3/SSHgxmHDU

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26d528273d64f31a01d7e5c996aed784_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\26d528273d64f31a01d7e5c996aed784_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3420
    • C:\Users\Admin\AppData\Local\Temp\DEM664B.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM664B.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4732
      • C:\Users\Admin\AppData\Local\Temp\DEMBF87.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMBF87.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1296
        • C:\Users\Admin\AppData\Local\Temp\DEM178A.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM178A.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:1860
          • C:\Users\Admin\AppData\Local\Temp\DEM6F6E.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM6F6E.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:4392
            • C:\Users\Admin\AppData\Local\Temp\DEMC733.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMC733.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:1172
              • C:\Users\Admin\AppData\Local\Temp\DEM1F07.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM1F07.exe"
                7⤵
                • Executes dropped EXE
                PID:1596

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM178A.exe
    Filesize

    16KB

    MD5

    90759a3d815c81f7f473fd4d6bf3a441

    SHA1

    84fd03e0d0dd57af8982043669eba9db27ab995a

    SHA256

    a3f0c92408e6fb89d681af02215dd91031e6210587c21fbcc83d30cae9c20da2

    SHA512

    71a4a82b31566f7d4960f5f45883d4a38c5f4b26bf2a7971100fd826831263acf8dd6d51652d5b4e99eb64bceda19c279c0a471ca77102517563dd0e7d836230

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM1F07.exe
    Filesize

    16KB

    MD5

    a12c5423819c5459ff12520fe5650097

    SHA1

    95743a4df1ef9b0b2157b12870a39d7abada3f26

    SHA256

    e02ffefb9bb147e2abd8e41663146020fbb1d438d16f1e41b81cfda6a905b46f

    SHA512

    43ce6b80cfe040d3e109507520c56d5d66b03623180a3193e25c222066a1bcb28da73b588dc600d173933e1c92a14c3fc7584220c0398968eb6687b082c90d69

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM664B.exe
    Filesize

    16KB

    MD5

    aef06c4596713ec08be3a21429e51674

    SHA1

    36620536cd8b489f3d456d64ed936acc06e7c207

    SHA256

    423958e0c252dc868a923778a3e9411befc93de2b09978c71b1b10cb78a1d7fe

    SHA512

    56918ce529d65d45d9399d273b1b5f51005af97b7d43cf26753a2b0d1ea3bf496de39620228bcbd38af90a4ae949f6a9f1e69f6f0ab4e014d69cc879df328a34

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM6F6E.exe
    Filesize

    16KB

    MD5

    c8a6ba92235c6fe9a26178c6c6595254

    SHA1

    38749653b347979c8176ed54222858d9722bd12d

    SHA256

    e8b9c2e4adba231b09e9579aed709878a38a292bce1a8a59e42fba69c4f715cf

    SHA512

    f97a806a9521fae02a819ad0bfcb6a878ba40ab9bed5f0184efe846158394b174d5c7e44ecbc4319f1eb9071f97ab37c0bd93d1f648006ffe7903a45b6ae8ee6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMBF87.exe
    Filesize

    16KB

    MD5

    ef5cfcd4aa605c21207fa5485be1355b

    SHA1

    99c4e52fb0c55b39dfad866a086a6d64e829d3e1

    SHA256

    180c4cbcfa2b868fb14cde3745ac2057ac8423be391737b5b88111f2796472fa

    SHA512

    6afb6ca2f677ac6a54e7a9cf66e1adc6580b750b2954f8f6908f6d8502c71d2b22080a74d1b3deaea84d6b06143803f17e5be574c272e6679ba25b5b21f16767

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMC733.exe
    Filesize

    16KB

    MD5

    5ada51800b3ef0c13d2782aaeffe4696

    SHA1

    2f9c3089e4c9d8d34021dfbbe7c8fed341811770

    SHA256

    3493bef2df3d90182e3ae65cb0ed0f809cbf28447f25b89aed951d69b12ae643

    SHA512

    30ea93db6e1504c5aeb3c9734d3f04313b205e4e52d04427ab5fc92a2bf04245075b929050b5d5118038d01b57b2c04f199963a0c17ce80f6509a176e757acb8

    Download Submit