Overview

overview

7

Static

static

7

091f6c9150...18.exe

windows7-x64

7

091f6c9150...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 14:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    091f6c91505b03e5b15c8e956595c296_JaffaCakes118.exe

  • Size

    600KB

  • MD5

    091f6c91505b03e5b15c8e956595c296

  • SHA1

    f6010467b658729154288f206b89afaaed75b7b9

  • SHA256

    a38634e3367d14601d16388dd0d4720a4e0a2c85f91bad11961a4bad2db028e2

  • SHA512

    e2f952e60f1cbf9e4f1df94e1c12000cd6616ca6a9e976c5cefcdfff3d17f6fe8c53fcbe7a1a5cb2ffd6222bd3d2f81d73bf79f1c21545df71706b623caf4dcc

  • SSDEEP

    12288:TCJnRpGU4jJgmEa3bsKCwseQeU17BK3au7kW:eJRpDaTJ3b2eQeeBG7

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 56 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\091f6c91505b03e5b15c8e956595c296_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\091f6c91505b03e5b15c8e956595c296_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4360
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\091F6C~1.EXE >> NUL
      2⤵
        PID:784

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\tecmod\tecshl11.dll
      Filesize

      85KB

      MD5

      e1f648f5e1631eaba81edce16837ad57

      SHA1

      14478172be052147c9c68202f4b6ed0a53a77ca2

      SHA256

      2b74fbdc29b19e602fffef81953b5dff07ac93f03fba53080bb6f1604348ac19

      SHA512

      db9f7a9140f39174d28c8c926c0519cfcfe3d362a46a14dd52fb3019eda1fb4996216bc75eea097eede1515358779835269eb345d5f839fe1b1455db691e2e27

      Download Submit

    • memory/4360-1-0x0000000000400000-0x00000000005E3000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/4360-9-0x0000000000400000-0x00000000005E3000-memory.dmp

      Filesize

      1.9MB

      Download