Analysis

  • max time kernel
    132s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/04/2024, 06:26

General

  • Target

    dd842c5f066b1e5b68e69a8fa6a5ddbc_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    dd842c5f066b1e5b68e69a8fa6a5ddbc

  • SHA1

    6a029539ff89b563633263ec81c9cc5c1ab2cebb

  • SHA256

    b8608692657e21659220109cbc255b1a96f7588152bd1f5ae4c68ee9779f7a9a

  • SHA512

    160fc5851022190ea8ee6ca21cbffa8e8a233974a671a3679da06ddd9ad3c06446f9d81a339125c5ebcedacfa61341befc0787e2225efb1f7dc3d71687f6b159

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhgAHo:hDXWipuE+K3/SSHgxSAI

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd842c5f066b1e5b68e69a8fa6a5ddbc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dd842c5f066b1e5b68e69a8fa6a5ddbc_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Users\Admin\AppData\Local\Temp\DEM38C3.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM38C3.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4188
      • C:\Users\Admin\AppData\Local\Temp\DEM8F30.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM8F30.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4828
        • C:\Users\Admin\AppData\Local\Temp\DEME55F.exe
          "C:\Users\Admin\AppData\Local\Temp\DEME55F.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:1248
          • C:\Users\Admin\AppData\Local\Temp\DEM3BAC.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM3BAC.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:2624
            • C:\Users\Admin\AppData\Local\Temp\DEM91CB.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM91CB.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:4068
              • C:\Users\Admin\AppData\Local\Temp\DEME73E.exe
                "C:\Users\Admin\AppData\Local\Temp\DEME73E.exe"
                7⤵
                • Executes dropped EXE
                PID:4136

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\DEM38C3.exe

          Filesize

          14KB

          MD5

          5199a06642c568bbdc49e4f263bc4981

          SHA1

          203ab8cae30aab24b900a7bbe134cd9dc1d70ccb

          SHA256

          f55b04b7ed3d7ffd3b45ad50c2a4ceb3801d0c2f564e3330aedc78aedb51edb3

          SHA512

          1d919409e875034e6d387702f668013604d95bb4c9cc00ad6f6bf36844f837094d02f416721e8011163a84942d994df00d8e82fee1502211f6beffe2da897c6a

        • C:\Users\Admin\AppData\Local\Temp\DEM3BAC.exe

          Filesize

          14KB

          MD5

          643bccc196fc4919957344fc837bc1f7

          SHA1

          97f0eb28dc440a3f058eff80d7289424ad156f56

          SHA256

          a95bd0318b5d2402cf843d6b317a7d965c9c58f8a91b048d77bc106c51ff4476

          SHA512

          ab65fdd234b06f66262f7e5df51b194724e834a73e493feb15995b43459f7d68558dea25bed034c8888e29dd36bab4644080817e64f60392ffcf3223618ea4e2

        • C:\Users\Admin\AppData\Local\Temp\DEM8F30.exe

          Filesize

          14KB

          MD5

          0d4ff68b3f5ef990be124f583fd09aa7

          SHA1

          d624c98973f56f2d51fe2c80b851c346e2ec3a20

          SHA256

          c539a7bedb4f746f986b3f16e695c4cb42c6bd3578a5b69f61da06c3c7c5addd

          SHA512

          03a937dc0c3c85efed308a519021c8ca5a2d310c2f08f896107d1d89604b9e65f93cf9a1a12cc6c2c179cbaf4519993081f008df480c5394b906a84844a0f7f1

        • C:\Users\Admin\AppData\Local\Temp\DEM91CB.exe

          Filesize

          14KB

          MD5

          0e360146179bea4721880b94f15e9291

          SHA1

          f4f99c431951fae44f56a874585be38b2c93c33d

          SHA256

          c6ffa1bd037d6a7f701d373843137e2fbdb19650fe2ce7694ddbaa6a2670bb64

          SHA512

          4237b6a143f1e3384abb86fb69802c0232b06f6c9ca27b1d416566057454b67f3ec93e41e406c2b648886358407e8369cdbe1b4ff3358fefba3b147ea6e39e87

        • C:\Users\Admin\AppData\Local\Temp\DEME55F.exe

          Filesize

          14KB

          MD5

          b304a9b2ebef4d4ffece2e2aa9e50f48

          SHA1

          de10aba79ce5ffb5c28e44bbbea12631e38a6d86

          SHA256

          8ed6ab9b0c979e759ceca57450cb7384c7e825e32bc322782c5a2010cd617ca8

          SHA512

          08b42c7ca8339d649b49f56821ca28c94f1b0217c923eb0e4f7162a4f2f1c4068e26179a94c3877f59308beac91e0182f5d2760ce7ddcc9caf5dd7129ee324fc

        • C:\Users\Admin\AppData\Local\Temp\DEME73E.exe

          Filesize

          14KB

          MD5

          49415b067d5c5441cbb4972132a976c0

          SHA1

          8e9b0731b9930451e49cd0dc42bc11e29c397f53

          SHA256

          3f30119e31238191037386c7ff59c7c618a09a0627692f3998d3dae7a183e092

          SHA512

          b2a4f1c995ac65ef75c6709d5e2d80b0eb2df3358d8b51064ac7d0e6c4dc58620e6b026aa40ffec1d88bfdfa84f735773423e9c4f47c94a6497d80d2ccaafdbf