Overview

overview

8

Static

static

1

fdfcb38dd0...18.vbs

windows7-x64

8

fdfcb38dd0...18.vbs

windows10-2004-x64

8

Analysis

  • max time kernel
    153s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2024, 00:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fdfcb38dd0980ad5bb06a166a3441774_JaffaCakes118.vbs

  • Size

    83KB

  • MD5

    fdfcb38dd0980ad5bb06a166a3441774

  • SHA1

    51576748a2c4f88ecf24147aeb4d588823acba57

  • SHA256

    8a328702e6f93d553c959d003079964102bee95ba3e6de7afa898884f21e5a1f

  • SHA512

    2dfc0995ce30e8172822a24ad65b7431af26bb7d25fa1e165b8aee4d5ce856aa04d99bbff5c02b59ae39daef3363188ea26b0e4431a946a7af7c39fbd6993eab

  • SSDEEP

    1536:fsMdmTjWtM1BY1euyMF/dddddddddddddddddNQQdzDCFveotw8d6R93x4:fssmTY9ZXaJbd633e

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fdfcb38dd0980ad5bb06a166a3441774_JaffaCakes118.vbs"
    1⤵
    • Blocklisted process makes network request
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Users\Admin\AppData\Local\Temp\2A917B97BC6A4FF28643AC1EF8E4617B.exe
      "C:\Users\Admin\AppData\Local\Temp\2A917B97BC6A4FF28643AC1EF8E4617B.exe"
      2⤵
      • Executes dropped EXE
      PID:4764
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2260

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\2A917B97BC6A4FF28643AC1EF8E4617B.exe
            Filesize

            56KB

            MD5

            ba33713e87a12f20fe50f50a09a74e7f

            SHA1

            455760a6cd7b4fcfea8d5654f9b46c7402d6cd80

            SHA256

            253435a4f57db4b631ff88e58144264f6268ba34171d0b910157be2c494f3ebf

            SHA512

            44053f3996f8c2feb221c151770df19dfda062454c3e3e2231c98a1d37c07bc61a3dfe1b72ea6b2fc12274c406644feab97b9b874b14ef184e7e6aab39e98bec

            Download Submit

          • memory/4764-18-0x000000005F000000-0x000000005F011000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4764-21-0x0000000002220000-0x0000000002221000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4764-22-0x0000000002230000-0x0000000002231000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4764-24-0x0000000000400000-0x000000000040E000-memory.dmp

            Filesize

            56KB

            Download