Analysis

  • max time kernel: 145s
  • max time network: 155s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240226-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 06/04/2024, 05:05

General

  • Target: dbf774ad30e4afa690724b0e86154ca7_JaffaCakes118.exe
  • Size: 16KB
  • MD5: dbf774ad30e4afa690724b0e86154ca7
  • SHA1: 6aa2400f59aedb85cb48572e7029e2b947920280
  • SHA256: afbe91520bb7a927c54cda30e50e116429e4d68df053f7a31f259e7715854bbf
  • SHA512: 4978045dd84c3c1d5f2e8d8939fcc2da49a7a1bc17126612a216f4d83cede6a112aff53a2c6985fa1c5c84433ebe939402b6a2924da467cc4539a792d31112a2
  • SSDEEP: 384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhY5tL:hDXWipuE+K3/SSHgxm/

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 6 IoCs)

    Looks up the country code configured in the registry, likely a geofence.

  • Executes dropped EXE (6 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (18 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbf774ad30e4afa690724b0e86154ca7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dbf774ad30e4afa690724b0e86154ca7_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Users\Admin\AppData\Local\Temp\DEM977D.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM977D.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3352
      • C:\Users\Admin\AppData\Local\Temp\DEMF0C8.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMF0C8.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1124
        • C:\Users\Admin\AppData\Local\Temp\DEM488D.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM488D.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:1896
          • C:\Users\Admin\AppData\Local\Temp\DEMA15C.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMA15C.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:2376
            • C:\Users\Admin\AppData\Local\Temp\DEMF8D2.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMF8D2.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:5088
              • C:\Users\Admin\AppData\Local\Temp\DEM5104.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM5104.exe"
                7⤵
                • Executes dropped EXE
                PID:3796

Network

        MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM488D.exe
    Filesize: 16KB
    MD5: 47185828edbeb0aa38191a61501817f7
    SHA1: 98eeaa651a9f363d8a4ba5b453ef5435bd0e4ff9
    SHA256: d2513b29678b04fb6e4dfba760442fd2de2184401926f772b73526ccce6893e4
    SHA512: 0818255de8029eaa7e421b2903911d2dfa1d982797936ac4e37eed5c0eff12a87ed1a9c7a5244ed69fa5e5e1744ced91f0a56a300f649bd0ff327e65255ec344

  • C:\Users\Admin\AppData\Local\Temp\DEM5104.exe
    Filesize: 16KB
    MD5: af8f3e0c648e2447ad0850741513a172
    SHA1: 475908a359d8add1e414ddfab153a87f30ebe41d
    SHA256: 4cb38b1052379177d87948d15a12c2d6170a832448d10dd20074aa2d50a7ab3f
    SHA512: efb76a50ff74e72d57bb75b7594767d897096b0cc9ca118692f7d5b410293d4725f6befd50c569577e46b811d178082e10cc9d08a344d26cd73b6d514415df3c

  • C:\Users\Admin\AppData\Local\Temp\DEM977D.exe
    Filesize: 16KB
    MD5: 15c79248ad1c92920e6774b4aee6b90e
    SHA1: 80544f02f17732613c4b91029d379f4f6b05e4bc
    SHA256: 8541d2aee6a4336cf63342b1997877230810514ed4c4f9199cfc305b149690d7
    SHA512: 24f8e2a0970fab17f4a471aaf6331c3331e412b86ee3703aca66b9783feb4d2cda1d0577f5b0614cc34c28b2588575c9ed4be25966afcf9c9fd0b4a4e119bf33

  • C:\Users\Admin\AppData\Local\Temp\DEMA15C.exe
    Filesize: 16KB
    MD5: 14aa28ae3ba0ffccdeaafe52ab4175bf
    SHA1: ee212ddb0d0ceba70ae2a5ad279e748e938bd6a9
    SHA256: 5304e0a63d0d8b480b77894653b56c724579287d277032c582d69631f06e1628
    SHA512: 10fc3aa37c88b37c820f4e695a45b9abfc0650a0a9274c2b5f2d8eb5ae6bc6a3ddb0f1527aef358065c33ce78b4642a130ae8444b899aeb13fc27a10d61ab98d

  • C:\Users\Admin\AppData\Local\Temp\DEMF0C8.exe
    Filesize: 16KB
    MD5: dcf331082d0aad9e2bc55a4d9bf0ce18
    SHA1: 58638475bc9037528393dad5e264058834906c35
    SHA256: a1adc77f446797cf6749601c6702dda49577c3b7b032a2d411f86fc207fc43c0
    SHA512: 5f96f99c910631e009ef1147f4fcacb3a198772fa54fb7b799a655627a888fb698c95fd01ff03cd7daa6414b879fae5ff2d197c8c69139694bcb266dc14495fa

  • C:\Users\Admin\AppData\Local\Temp\DEMF8D2.exe
    Filesize: 16KB
    MD5: 17c7fc71d40633762e177c2d286377dc
    SHA1: b97a441ab258c2db26af7a192376b3fdafa1fb45
    SHA256: 9b63c657ebe8c15d9e2175dbb1186f38ecd94332a9730f2b9cd9d8d93f1a5bd4
    SHA512: 2035aa19126764104eebd3e8404759ca682863a9707b352e28cff49a2aedba0665fe674124dfab8069ba007fff2ff3cae7da2511b64776e21257bec1d9af32de