Overview

overview

7

Static

static

3

d075eb8d3b...18.exe

windows7-x64

7

d075eb8d3b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-04-2024 09:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d075eb8d3b79c571564c3988aa7ffba0_JaffaCakes118.exe

  • Size

    15KB

  • MD5

    d075eb8d3b79c571564c3988aa7ffba0

  • SHA1

    857fc0d5a7c044aa9cd0a83129c376c9d50d346f

  • SHA256

    20734b7174f83fb2160010e93bcf48ced19dcc708a7a8d94ab7ba9abf820b137

  • SHA512

    9918b9055c6f508032a6a1b9fe8d0ff790eef08a33c8d3e16c12ed37c9546ef3e1ece8085544888dcbc5c7674833cf9b5dd7d5a7b4c1124d7c19dd522755c89c

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhY8nz:hDXWipuE+K3/SSHgxm8z

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d075eb8d3b79c571564c3988aa7ffba0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d075eb8d3b79c571564c3988aa7ffba0_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4400
    • C:\Users\Admin\AppData\Local\Temp\DEM8AFA.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM8AFA.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:5112
      • C:\Users\Admin\AppData\Local\Temp\DEME4B3.exe
        "C:\Users\Admin\AppData\Local\Temp\DEME4B3.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1488
        • C:\Users\Admin\AppData\Local\Temp\DEM3C49.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM3C49.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:2940
          • C:\Users\Admin\AppData\Local\Temp\DEM943C.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM943C.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:432
            • C:\Users\Admin\AppData\Local\Temp\DEMEBF1.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMEBF1.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:1308
              • C:\Users\Admin\AppData\Local\Temp\DEM4397.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM4397.exe"
                7⤵
                • Executes dropped EXE
                PID:4392
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4456 --field-trial-handle=2272,i,1589057049575649654,2929151440327217574,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2628

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\DEM3C49.exe
      Filesize

      16KB

      MD5

      e039ce92b2a21663c53efb2f702f6d9f

      SHA1

      6780967d4b1b9506569cc00d73d759151091e1d7

      SHA256

      784cbff062d9869ac57f4543cc64dfffa97f3e419a96cce5f67fa0d6a8ba5a4c

      SHA512

      3501fa38b482c2787ad13c5a27f22d8aec22b0127694f6eaa33c5c9c094f338a4dee825b3a80bb464ed5598f71c3ccd4b551e6118d4fb89f055793e423f3094a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEM4397.exe
      Filesize

      16KB

      MD5

      c89f98e0e98101bb0e9d6b38d84194f3

      SHA1

      a51b5db4bcc8f8d6b09f320852015f15a1f429c2

      SHA256

      4fea198a3fd4e92ed5b899e7437574225a4d280c39c7c7360da82234fb986274

      SHA512

      c55dbd9996975359977fb297348b9b76c751a4ce68341bc657b3b4d9fe74ce26bb414324fec8d6c8eb43ac4523061cf31688aa73b73a296a70393f984c876af3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEM8AFA.exe
      Filesize

      16KB

      MD5

      35a15ef8562c5c24e3c26661b100bdea

      SHA1

      4819e138a35e985d8012050a5c5162b44c4c3a41

      SHA256

      e8ab60775e18c16c51df37f54ee3c17f03c5698d01e7134fb24e409e19a0d9cb

      SHA512

      7d4fe480a0731d52b1449ec91883cbc206901d709ca8e8a202bf4bb9e487f5e61bee929cbe01886c0747464e3671803188ca95a0236808ba72cf6133506175be

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEM943C.exe
      Filesize

      16KB

      MD5

      2088dfdb9b8439c9f8fbd62f7a678b7c

      SHA1

      c0cf23d7e77f6310f8f5e492f3ebb9f0f1476cbe

      SHA256

      f42e7a5abbd2e345e7b2c81d64dc88be9d3425f16484460977e82cbce60af532

      SHA512

      8d56acbb2bba373c7bbb2fbc15a979d74c5a85930f184e6712dc5db39daf0e50d367de833bf1d1de61ec9f190c0f67eac7e881a297a2b9be735c588be0895909

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEME4B3.exe
      Filesize

      16KB

      MD5

      553def7721a8c8935f7626c68dc81731

      SHA1

      d08fa9980e4adea4d463df3cd7b452ce8ac7fc88

      SHA256

      c7e6c2ad540dd5fdf6d56dcd0f763a426c439087791dd13476263539924c162e

      SHA512

      b4546d28fd9ab367ee94071d5e24fd905ab1fd66c279c60afd73a27f260bd28ba064a0e4576095c5c9db094349ce7cf36f4b87de81b851e37e29d9e9148203f5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DEMEBF1.exe
      Filesize

      16KB

      MD5

      14ed3343182eb9a3e0b4b2f699ef837e

      SHA1

      b593422db64cf6f9a096deea646f3502d3e2727a

      SHA256

      945766790c9396ba0d8dd4401d717c6d3c812c235439b3dd2b61b55b23e91849

      SHA512

      d0aa2e6be15def118132e75192794b034c0624d388f8fa40a02aba3f40dad07d7b514366481d61fc2648acea13345d3d7f5cfc5c6e414ee02c6a1a739eb0d70d

      Download Submit