Overview

overview

7

Static

static

3

03bdd677a2...18.exe

windows7-x64

5

03bdd677a2...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    60s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-04-2024 22:12

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    03bdd677a29b5a54629f5556ccf0bd8a_JaffaCakes118.exe

  • Size

    1.5MB

  • MD5

    03bdd677a29b5a54629f5556ccf0bd8a

  • SHA1

    0405fcb4e5d38df434442d9f7c911b44ee9840c0

  • SHA256

    1a6f5763209e0cd737187f67512d802d230ba4b99e3ff138e9239e9c061c1500

  • SHA512

    59d6c2ac864af6c1cba092105c93297707503a354e2d5e2aab3c744afc0ad7f30cb72be7aba2f82f1f4a54964639b7dd0abd4dd5016e557bc09afb9a391bca2a

  • SSDEEP

    24576:IKN3qU44VnMqFMygvWgQBQSRWxq0VJHTo6FaTLbI2ZqaIvuVnXN:I06Mw6ySYqQk6FaTXIGq969

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03bdd677a29b5a54629f5556ccf0bd8a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\03bdd677a29b5a54629f5556ccf0bd8a_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\windows\SysWOW64\explorer.exe
      "C:\windows\system32\explorer.exe"
      2⤵
        PID:3948
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
      1⤵
        PID:3500
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
        1⤵
          PID:1232
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
          1⤵
            PID:3548

          Network

          MITRE ATT&CK Matrix ATT&CK v13

          Initial Access

          Execution

          Persistence

          Privilege Escalation

          Defense Evasion

          Credential Access

          Discovery

          Query Registry

          1
          T1012

          System Information Discovery

          2
          T1082

          Lateral Movement

          Collection

          Exfiltration

          Command and Control

          Impact

          Resource Development

          Reconnaissance

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1720-0-0x00000000023C0000-0x00000000023C1000-memory.dmp
            Filesize

            4KB

            Download
          • memory/1720-1-0x0000000000400000-0x000000000060D000-memory.dmp
            Filesize

            2.1MB

            Download