Analysis

  • max time kernel
    149s
  • max time network
    47s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/06/2024, 09:56

General

  • Target

    04f06ab4a97367739cadcaf57b8c200a_JaffaCakes118.exe

  • Size

    96KB

  • MD5

    04f06ab4a97367739cadcaf57b8c200a

  • SHA1

    99d3701fa550e0cb4ba4b70ba2de9100d5cfdf56

  • SHA256

    bc59ee069ccde6ca5963358d978af44f641b115ac2f104e5ba0aef4a8a79eaaf

  • SHA512

    306866df6911d1075eee07f040932c23313fbc6a4213884acd3a9051a22335584c94261e43197152730535b3654424fe7eb7f9b028cb70d42626d2d3aff0770b

  • SSDEEP

    1536:IHQBHIf6cO/hjwlkGulSc16l6u+NMMl/KlYv1Tq5ThFfNIjnZ5V:7zhjwClu8CFFfCn7V

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04f06ab4a97367739cadcaf57b8c200a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\04f06ab4a97367739cadcaf57b8c200a_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:228
    • C:\Users\Admin\beeob.exe
      "C:\Users\Admin\beeob.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:436

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\beeob.exe

    Filesize

    96KB

    MD5

    0fc7feea2e60e27db6f64742cfe47857

    SHA1

    aef43ec883e65636fb138f35b4317cc0e3ee712f

    SHA256

    d235c4b9dc43651041a58a5f6f53e40c2a6fb14275b5792d26d696404f4e8199

    SHA512

    877a7396e2c76c219f250333465159d1d1e8561c378bc883edbd01a559ee39903510e4c344b1d4dbc4470d5419b9a7d44cd3a3497f613a7568221f35e553ef97