Overview

overview

7

Static

static

3

c85b10abe6...18.exe

windows7-x64

7

c85b10abe6...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-04-2024 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c85b10abe69d46e64027f311ca445b79_JaffaCakes118.exe

  • Size

    20KB

  • MD5

    c85b10abe69d46e64027f311ca445b79

  • SHA1

    396f7bddf93d1d43f9061cf34b8aaf793a40f8ec

  • SHA256

    0b248187a0fda22086ff20301424dc97b8bcebf8308f59a0ea30383fd85a3cf2

  • SHA512

    63e71a60a9365536e711751139e84b235b05bd6680ec494a1c53bed67e0a75d0bbc7e1d17fe5712b5dc3259dd11777439d219c3e65a1930c1e89b2d71dcdb7bf

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYQMx+L4b:hDXWipuE+K3/SSHgxmHZb

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c85b10abe69d46e64027f311ca445b79_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c85b10abe69d46e64027f311ca445b79_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Users\Admin\AppData\Local\Temp\DEM70FA.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM70FA.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1156
      • C:\Users\Admin\AppData\Local\Temp\DEMCA35.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMCA35.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:5080
        • C:\Users\Admin\AppData\Local\Temp\DEM2239.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM2239.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:2812
          • C:\Users\Admin\AppData\Local\Temp\DEM7877.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM7877.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:3848
            • C:\Users\Admin\AppData\Local\Temp\DEMCFBF.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMCFBF.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:2724
              • C:\Users\Admin\AppData\Local\Temp\DEM27F1.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM27F1.exe"
                7⤵
                • Executes dropped EXE
                PID:4544
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5716 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1564

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\DEM2239.exe
      Filesize

      20KB

      MD5

      5cc2c48b3b9b7a5412f0a396ad823b63

      SHA1

      520d8bdf1eabbaafa2396859ff9795a40e06227d

      SHA256

      be3af9c746d19cc9bd407fa3e9801469f0c8bd4b668a0b75e3d68d01b4e9e9f9

      SHA512

      1ffb0a850d1766c20ba65757bbe15478edcb439d831478603be0be76b4ae3f1d02f70d5af89845ef7d0f76179ad300b0679698935aad1b991f20999f7747c765

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEM27F1.exe
      Filesize

      20KB

      MD5

      134225cda4d331211dfc0a212412ec40

      SHA1

      693aa646086f3a55835624a2046adb03bdb1e330

      SHA256

      adbf18f0d7f0a9e7be197aabb3816dd928ef015772144553a68d6659e32720f5

      SHA512

      d053e6c5481981585ee11ca58a471621a703f24d07775096bcee758541a3f133fb2913a499364b93ddd0a8eee5bc31d7d4769d8770014db2f7d0d4cfda3d3265

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEM70FA.exe
      Filesize

      20KB

      MD5

      b40ad273cc89662eb5980c6d3ba1407b

      SHA1

      836f1e11a2354c6062de69ddde17f6091a79fccd

      SHA256

      fc9d651329dfc1198135e6189dd971407f2d4901e145ec013cb12374fb4dcae3

      SHA512

      5e981a70796174be49f124eae047784be292f836c7cb7b8ddd53d08e619fb10d8f259256182dba7bf27e15b2327888e993730ee8558a5808aff7c0f9690b6681

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEM7877.exe
      Filesize

      20KB

      MD5

      a46d05583970b53595fbfd606f8cedd1

      SHA1

      2794998d42c82ca821cd36e841c529126610e402

      SHA256

      e5f9279bf18b0fb2ab330385db1d763b07130eb615f73450aaa1681a08a87549

      SHA512

      9dcca60aa7a045852881e013d492f1d815ea728d7be87a6a40dacfa4f4d8aa558dae8cf5ed5924b8c92214884256a28678108aeb16fb52c825a900af44b4f068

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEMCA35.exe
      Filesize

      20KB

      MD5

      f5c65a21cb865b322370a51ad7028ba6

      SHA1

      96cd796ce6bc44c219700854d102db454a6d0b75

      SHA256

      8dc8cd6b91924ebf59af9d226b0080e17b61cef5a1103f50cc87868182a87e39

      SHA512

      e49a41106c7996f5ed14d7423102925c8f1d7f18becdcbce36bbf7c951b2f645c4bd6e4406dc16c666ef23d3756b1dd569b1fa63ebaf5b6fb60d495ee4ff097a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEMCFBF.exe
      Filesize

      20KB

      MD5

      baa3b17501059ab034c254b3bd0c56d0

      SHA1

      f300f1e130de483aee0c8d5660d985628963cb0f

      SHA256

      0d7a03c7ef0dab312f33fffa5585701a0e89abb894da6eaaf8bd2997eb93f156

      SHA512

      82538d1ab79f71cfbeefa57c1ecf2cea05c7a2732944249fac30d699a37a70d483331974b72eae59334ad3f0db691a1021a4f331fc1bfa66a8ac248ff113af56

      Download Submit