Overview

overview

7

Static

static

1

1c1f6a017b...18.exe

windows7-x64

7

1c1f6a017b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-07-2024 18:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c1f6a017b6ad853c104a4694e2a7db3_JaffaCakes118.exe

  • Size

    479KB

  • MD5

    1c1f6a017b6ad853c104a4694e2a7db3

  • SHA1

    2de1f92d9b17acb1240bc55078d20b3b72d19deb

  • SHA256

    4af107c2bf1a685b6d22a3ed5835ace0910c867330edeef80c0f9d2a88f19f6d

  • SHA512

    6c3b05c154f9b63ac3332c19845bf69b6ae911e8c23e34688bb28bd11d2a30e3129466cbd6178ab1bf17879a3fe327cacaee3b365159b53fba0f0bf345034a27

  • SSDEEP

    12288:4vr3ZBIRjIqcY0soQ9jjjQGx7OzIEyt6RjMrgy:47ZB2jIqcYxoQ9cBpjCgy

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c1f6a017b6ad853c104a4694e2a7db3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1c1f6a017b6ad853c104a4694e2a7db3_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:960
    • C:\Users\Admin\AppData\Local\Temp\Set4AC4.tmp
      "C:\Users\Admin\AppData\Local\Temp\Set4AC4.tmp"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1940
      • C:\Users\Admin\AppData\Local\Temp\PartyCasino_Installer\SmartInstaller.exe
        "C:\Users\Admin\AppData\Local\Temp\PartyCasino_Installer\SmartInstaller.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks processor information in registry
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\PartyCasino_Installer\Background.bmp
    Filesize

    193KB

    MD5

    76acf54f48967c3a57d25e4e5d78f074

    SHA1

    654c7b072288aa9d611fe81bf081f7f48360a104

    SHA256

    9e1344c699cd1c9efa41e9e3b8f279442a2addeefa0a7200c8b9bbb6d8f6cd2f

    SHA512

    ad5a3ea4615445f63b2c44616e7e052fe387a8c2758dc53d9bbc6325f2f550aa37c0a9cefd321f05a767617770265d9d86bdfef20e5ced2bb63ec83c50f9569c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyCasino_Installer\ConfigParams.ini
    Filesize

    1KB

    MD5

    75bc433c9b339361b49a76b92041b16a

    SHA1

    3423e6fad0413a5d7217845cd6aec86df93a9a3e

    SHA256

    b09785a488b89be3bb0d4f42101b24ed7c38b1199f7f2dc17a111d3601075385

    SHA512

    5fafabffb5adfb103d71e0b02040b872217f73ab2efc5db62c181647951eb8398da9e4669a17b1eead93767a51c0556b209cca766fdaa1b80b3da25a7da31810

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyCasino_Installer\Language.ini
    Filesize

    50KB

    MD5

    25ddb1c2da42f95183f2c0cf23070093

    SHA1

    2284ef306685dfdb437446512f9bd76c9ec496de

    SHA256

    ea8b5397d0aaa7a772a1eff9b4c4639f92d46783907c70fc3ea85f72346a9e0f

    SHA512

    73aefec0973134288630c21b7d395127c7a5202405597448bf025c88366d710f94696f9e67e5c11296f73ef540e8d2304ce7eee422305098deb34a4f86df39a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyCasino_Installer\Preloader.jpg
    Filesize

    34KB

    MD5

    ee10f9a45c1da25421ae0d08dd7dc222

    SHA1

    15477f82c0cc544977f6040405dc1f56e6d4b0d3

    SHA256

    6c8e1f47b5766ab0734a1d7b1ca580b054851fc762c6d7dcd32ba43b1fc8e651

    SHA512

    54162bf40cb6e137f955bd1cca17f8b442c811b9f2e2e62d5bc902074da434a6b332fdb0340207e959bfa7959e51284ac2d7e22e81c49fd5d9728fda1ad7ebfd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyCasino_Installer\SmartInstaller.exe
    Filesize

    594KB

    MD5

    9aff4ef8090f2bc8166ce26eaa44e25e

    SHA1

    0afe7a3f179c619bf2607c9a419b2b73182102b5

    SHA256

    7bcc9acf653be63c4700a2c28be2fe47879ef7a5d94a60767134a984bcf43f3d

    SHA512

    42ea3f950143b643e271d7a3cdd14415b8cbce7e239dd35ff405baf9a33344a84b40abe159473de525904c56e8ff603a238c75493799ccb7d65bb099a40aa009

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyCasino_Installer\zlib.dll
    Filesize

    52KB

    MD5

    4965107d112666d3835308a831a29274

    SHA1

    50439b99ce525ecb74c554e1dc43ddb39481dfa4

    SHA256

    105280995cd5746078d67b8651dfe4ad2abcd532d7ad528d3100c535b0b538af

    SHA512

    38fa8f0eeadd75bf212eaab458833cfd3445d00f3d77f1f8a86b7c3ba99376231c8b3fc3cfdff6f02f2ca9c90956c76f9055717712d35a7ca7b30172a0010b59

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Set4AC4.tmp
    Filesize

    433KB

    MD5

    7e70ddf4ec0dcdf59a10e08825090c51

    SHA1

    0873d4068c8b98492def0e2fee417798df158abc

    SHA256

    601837e9e674e7ac50c23b9b3a17da9402c3a598e91fcafabee5fa0b10576d75

    SHA512

    e11bdacae5f579709a6e2d55ecdbad4a196ccb08c04e17eeb7ea86b69a933ca45bf68936a616fdb5b1fd967aafeee39654d61c62566f128b01c441687bbe121c

    Download Submit

  • memory/1940-25-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2100-29-0x0000000000A60000-0x0000000000A87000-memory.dmp

    Filesize

    156KB

    Download