Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-06-2024 00:37

General

  • Target

    0177cb22f3250e11c75987246083ca99_JaffaCakes118.exe

  • Size

    136KB

  • MD5

    0177cb22f3250e11c75987246083ca99

  • SHA1

    4771b72352163cd7be68246a5f1ff50e67725e98

  • SHA256

    69808b04b7cbf60aac1482f027648f3a7acf035fa0e2dd6c7338e7c1acd3cedd

  • SHA512

    f119e35398ac647949a857f37e89a956e2672159f5b2a0edd5892c0b76ddf1b07a1e49398d3553106f6f9b5beea3b07836b8c4fba3043c29137644167243ef8a

  • SSDEEP

    1536:Y7mqXOTy6npK9x5WPjeATvbtjYYVHdzqZgIYEOCO3:5qX8jI93WPyAdYZgI2CO3

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0177cb22f3250e11c75987246083ca99_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0177cb22f3250e11c75987246083ca99_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4500
    • C:\Users\Admin\syvum.exe
      "C:\Users\Admin\syvum.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2120

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\syvum.exe

    Filesize

    136KB

    MD5

    37ea01d9a4393dc014269df5f250de27

    SHA1

    698ddab0779c65bc3a1926c6cc844f1c53122309

    SHA256

    51bc5406e8e6441e52d88503c82d5ebb22a4606ee9ca2bd3df68572405a31239

    SHA512

    ae0fa9a207dcea82704ec5f084f213e370ed5e8b45610cd3c675f78c7da780d16cabf13631298446eb0d7be267b1b3b22d977b361d71887cf1bbc91c08c74fa9