Overview

overview

7

Static

static

3

19cba72901...18.exe

windows7-x64

3

19cba72901...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2024 10:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    19cba72901f33de7b762f9788cc86038_JaffaCakes118.exe

  • Size

    371KB

  • MD5

    19cba72901f33de7b762f9788cc86038

  • SHA1

    c1df2246013881168c101306e989dbb401c284fe

  • SHA256

    94230a66edf968de2ad38bf0dce3d450adb26194cef2a2d15f8a0d54dd10c6c7

  • SHA512

    8b78d5522140e3c598b7fac222e652ad3522a944f84b9e68bcf7ca80937e20e1f4fb1e57e31978b58605af9dcc8bd6bd2c0c847faf0bef03132ca9962bff45fe

  • SSDEEP

    6144:AKvf+NgElN4mrhteIf0vlA52FcaAhIBHDubRBxFEzwLlG+rPqdx6/LOO6NH3Cr1Q:z5GSmrrem2f8YIRPFEkLI+rnTOOeXC6

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19cba72901f33de7b762f9788cc86038_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\19cba72901f33de7b762f9788cc86038_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat" "
      2⤵
        PID:3468

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\delself.bat
      Filesize

      198B

      MD5

      8a72b7c0bce625b5b56447af9d1ae726

      SHA1

      ed9551d0c082e7b540cab157073d3962489dc58a

      SHA256

      e50cdf5be772ab35c4d5e586c462c40e93d6b51089b3321e2ea660fa20dac300

      SHA512

      fae7c72f8613d844312f23e01868b6028351dea51956552d62c5382ce84b6dadd62210cf6e3d189a36108481bfc0c64500485ad0ba2102634f96b437f1a8aa79

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\tmp386A.tmp
      Filesize

      3KB

      MD5

      ca844baad08eff0937c4e7e259660d1d

      SHA1

      4df512c9ead25e5dcfe393a414868b253cac4d2a

      SHA256

      6865bce140561a066f0df29af150b7df5761e51f90c2e0b20bacc0707da85dbb

      SHA512

      b700c750bdff7bb02fde014c47e918b3d6683905d2fdc416b93ec88b36d59037dcb469228170dac7fb8f785a1deb6cb4d2cd461db57d03c04419f8a1ef2a87f3

      Download Submit

    • C:\Windows\SysWOW64\gnolnait.dll
      Filesize

      14KB

      MD5

      c8d12d8d606cea3cc6f933a437c0cd23

      SHA1

      2a194f5d7a4c69bcf163ba4ebe4a24dcd395b233

      SHA256

      e07c09fa1a7a2fe4ce5f5bbc5e7a419090c54443a46eff594214c999de769de1

      SHA512

      40d1b1cbe40280bc22f8d7eadb8f0ade5e055de2773c8e7ddbb5aff8a4f9921589d909e651d4a24e543f66d2ca3953c8dce3319f2f72aaed7ebc312a2de8e579

      Download Submit

    • C:\name.log
      Filesize

      56B

      MD5

      7d2b5bb0c20aff2563a0d5dcd3b5632a

      SHA1

      1a4ac79f211b0e42a79d10fc94cfb5bc7dd26c0a

      SHA256

      e0d6a8df5d9342eac8e3f943be9bc44d214fea5a91f4b46ed899196905521443

      SHA512

      159579335fed32f30a519057c4a7b1944523e58769c8467491bbaf9682cb9c0b987520b5bc8c8f19c21d70a3f3cbc44ed9ddaa59a20b4b1229f66d5769f6f89b

      Download Submit

    • memory/2384-33-0x0000000003350000-0x0000000003351000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-29-0x0000000003360000-0x0000000003361000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-8-0x0000000002380000-0x0000000002381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-10-0x0000000002340000-0x0000000002341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-38-0x0000000025000000-0x000000002501A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2384-37-0x00000000020F0000-0x00000000020F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-36-0x0000000002370000-0x0000000002371000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-35-0x0000000003330000-0x0000000003331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-34-0x0000000003340000-0x0000000003341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-32-0x00000000020E0000-0x00000000020E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-0-0x0000000000570000-0x00000000005D3000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2384-31-0x0000000003300000-0x0000000003307000-memory.dmp

      Filesize

      28KB

      Download

    • memory/2384-11-0x0000000003320000-0x0000000003321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-9-0x00000000023B0000-0x00000000023B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-7-0x0000000002390000-0x0000000002391000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-6-0x0000000002320000-0x0000000002321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-5-0x0000000002330000-0x0000000002331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-4-0x00000000023A0000-0x00000000023A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-12-0x0000000003310000-0x0000000003311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-3-0x0000000002350000-0x0000000002351000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2384-2-0x00000000021A0000-0x00000000021F4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2384-1130-0x00000000021A0000-0x00000000021F4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2384-1129-0x0000000025000000-0x000000002501A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2384-1128-0x0000000000400000-0x0000000000461000-memory.dmp

      Filesize

      388KB

      Download

    • memory/2384-1127-0x0000000000570000-0x00000000005D3000-memory.dmp

      Filesize

      396KB

      Download

    • memory/2384-1-0x0000000000400000-0x0000000000461000-memory.dmp

      Filesize

      388KB

      Download