Analysis

  • max time kernel: 92s
  • max time network: 123s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240426-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 05/06/2024, 12:39

General

  • Target: 982f488745850d3a191d60f8449d6d04_JaffaCakes118.exe
  • Size: 213KB
  • MD5: 982f488745850d3a191d60f8449d6d04
  • SHA1: 8fe55823e37c9342bc2d714594f677a4112d7a0f
  • SHA256: 166cb41875d2c4fea20429d24267821ac4bf3b809cbb9690a66f7adfae11ac20
  • SHA512: 34b6303d660e070bbb41810dff432d6f8ce3484686b0587ee0a3c66fcf0f7acaf7bf7c4226b0ffe8a0062b49849eb725f132f25dcd948749f3dd4c3b252785dd
  • SSDEEP: 6144:SaGYO4z+gzbbUpdcmfffbYU+xp6uOkre6HrrJO5WyOyYjPKOLt:SPYZz+gzbWXjYUMLOkXHrrJO5WyOyAPX

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 2 IoCs)
    Looks up country code configured in the registry, likely geofence.
  • Executes dropped EXE (1 IoCs)
  • Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\982f488745850d3a191d60f8449d6d04_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\982f488745850d3a191d60f8449d6d04_JaffaCakes118.exe"
    PID: 4360
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\1345d57.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\1345d57.exe" "C:\Users\Admin\AppData\Local\Temp\982f488745850d3a191d60f8449d6d04_JaffaCakes118.exe"
      PID: 1104
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      • C:\Windows\SysWOW64\cmd.exe
        Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\30687.bat" "C:\Users\Admin\AppData\Local\Temp\1345d57.exe""
        PID: 4396

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1345d57.exe
    Filesize: 209KB
    MD5: e244200cef8349a3b1502a948437393e
    SHA1: 29bc312626dd2b0a223dc7168aa1de772195c931
    SHA256: 337be3354a911f84e3f38dd44bdff52e93eb3bbe4c5e8cf9dd2ca5c0ad716499
    SHA512: 6d8cf689a940f6c0aa22e643726d2a554bbbad0f3a5dbd630df2aac6b0977ecde17fdcd390ee3e05ef0e5f917ffba8e06cccf8616c07751cfe23f2bcb1c3a25b
  • C:\Users\Admin\AppData\Local\Temp\30687.bat
    Filesize: 205B
    MD5: af942e21a17f04903c52cb28a9b89542
    SHA1: ebcfe47bad384564346db4141d26e3e68f9f984f
    SHA256: c62a90b84dac61f74122f6eaa01665155a18b28a68b799a963f8a877194f922d
    SHA512: 790decec1485e8fc42c3ee09a3e871ee95fdf2bf2e5f15556de0a5b5db2106114d79206acf2dcf3e7c0dbe9df7b1298e0b3f7247a34d9d3bd9f296cc9b61211a