Overview

overview

7

Static

static

3

2ad18b636e...18.exe

windows7-x64

7

2ad18b636e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 03:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ad18b636e6f3bcab9ea43821acc432a_JaffaCakes118.exe

  • Size

    401KB

  • MD5

    2ad18b636e6f3bcab9ea43821acc432a

  • SHA1

    e1f1e172435d736e8b0193710b36bfaa891d7980

  • SHA256

    162b2832dcd20580d9367b89a8d0a3b3ef9b1a0e082fc647585f28242393f7e8

  • SHA512

    250fc847de47df0ac083626b0d0822f4a700398f8187d8b6cfc46cad4922e37c285d4be152a1b0259eae1ecb7065bf5640cdf3b7d43cd05ec9d4ff3990a3d2be

  • SSDEEP

    12288:gutrzh9xOXkOXmPNFUns62osFhLlpym2je76w:gutr5OUOXmPYZ2oiFlpymEO6w

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ad18b636e6f3bcab9ea43821acc432a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2ad18b636e6f3bcab9ea43821acc432a_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4860
    • C:\Users\Admin\AppData\Local\Temp\Plug de Seguranca.exe
      "C:\Users\Admin\AppData\Local\Temp\Plug de Seguranca.exe"
      2⤵
      • Executes dropped EXE
      PID:3784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Plug de Seguranca.exe
    Filesize

    1.8MB

    MD5

    76c51c4280c22bad1c37602f3115d399

    SHA1

    3b142251e1b043f9b515128b6103fcc5b544b851

    SHA256

    a1d5bd61eedea7422fc3b887e6b103656a23632cc39a7a279edf7b27333fa257

    SHA512

    d0c8e045b8cdfe78c84da5c79773101162a75dc9ff662cca2a0bf7c0a1c3c6508c77d56f562c5d220aae23848801f2f1954851bec51d3afc83688fb6c584e559

    Download Submit

  • memory/3784-9-0x00000000009D0000-0x00000000009D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3784-10-0x0000000000010000-0x00000000001E6000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3784-12-0x00000000009D0000-0x00000000009D1000-memory.dmp

    Filesize

    4KB

    Download