Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/06/2024, 16:32

General

  • Target

    a157c71bbf2010904d0ebf204997d559_JaffaCakes118.exe

  • Size

    1.7MB

  • MD5

    a157c71bbf2010904d0ebf204997d559

  • SHA1

    c048f6f2885006768d026d10ace1a6db351ffc68

  • SHA256

    8df9b797d715806c7025589ba233f95d5a08e1c59317a7cebc29d2e009e6fef2

  • SHA512

    864ddafef42b002474b33f789bb51ccc7e3923de72c06e2894c7186282912172ded68b2689f37fe6100d7083244bb1599f6ea9129049accc59d6e3eeb8b7bed5

  • SSDEEP

    49152:yJwukbANGDkTjvh1/zxUOLlTlpSmJurwKTH9h:yef4p1rL8Bx

Score
5/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a157c71bbf2010904d0ebf204997d559_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a157c71bbf2010904d0ebf204997d559_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4564
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\27967.bat" "C:\Users\Admin\AppData\Local\Temp\20FE9CA7CD6F4BA3BBEF8025E68A3B97\""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Windows\SysWOW64\PING.EXE
        ping 1.1.1.1 -n 1 -w 1000
        3⤵
        • Runs ping.exe
        PID:1120
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3976,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4104 /prefetch:8
    1⤵
      PID:1820

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\20FE9CA7CD6F4BA3BBEF8025E68A3B97\20FE9CA7CD6F4BA3BBEF8025E68A3B97_LogFile.txt

      Filesize

      2KB

      MD5

      8b228411d918d2c963ea216956fc98a4

      SHA1

      d27a45e43ce771f419f2728a19cdf84bb39e0c26

      SHA256

      7cb571b83b173a714608c161bc7ad2ece07fcc884872755ca0fc744c6d55af80

      SHA512

      5f8a5d4cf207d785c279afa05b0ab9de761a1ac733b1cf0ae1c3bc4bfd92f00306f3409aa4a8547322fa02ad1bda34c592153eff90876ea65bc6c0e08c962df1

    • C:\Users\Admin\AppData\Local\Temp\20FE9CA7CD6F4BA3BBEF8025E68A3B97\20FE9CA7CD6F4BA3BBEF8025E68A3B97_LogFile.txt

      Filesize

      10KB

      MD5

      078c3de8f40eab2f97da1fee31e90dc8

      SHA1

      10785834dfb8ea962764a9c1f672944392fbfff0

      SHA256

      43cedaadb016ba86a5ddfe5492859c1ad65d3c73fad13b2bfeeacf47053a5b02

      SHA512

      bb12b6835ec2854837f86163610538516cf3774a6e98f0c85bc4c3db8b861300af8c31a452e841d5d458f9e9940302f1ad06c48f39465a893b93d85a299319fc

    • C:\Users\Admin\AppData\Local\Temp\20FE9CA7CD6F4BA3BBEF8025E68A3B97\20FE9C~1.TXT

      Filesize

      119KB

      MD5

      2327b6e86e16dd3ae8edd68e6296cb7d

      SHA1

      5f97fdc95ab75af67062cd4b54c24919aa1fd6b6

      SHA256

      6b417f61ac10752bd6736b069022e961e62837d6d8b8042da1ecfb21abc0a54b

      SHA512

      2faf20f8a71c2418f8223baaeda75cdfc2d0cc895177c0a85ad115f4fd2fa335803868b6eaca12c2798f6d075215a8715f83bcfafc19b887415ba67422ff924e

    • C:\Users\Admin\AppData\Local\Temp\27967.bat

      Filesize

      212B

      MD5

      668767f1e0c7ff2b3960447e259e9f00

      SHA1

      32d8abf834cce72f5e845175a0af2513b00504d8

      SHA256

      cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

      SHA512

      c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

    • memory/4564-63-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

      Filesize

      4KB

    • memory/4564-156-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

      Filesize

      4KB