Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/07/2024, 11:22

General

  • Target

    2c2429df5ac9be08dd73d8f95e4b356c_JaffaCakes118.exe

  • Size

    204KB

  • MD5

    2c2429df5ac9be08dd73d8f95e4b356c

  • SHA1

    76e70b6b48dbdb113a6d6ec4dd4cb926900b5804

  • SHA256

    c83019846b29f8690e94f61a691d33e34eb8894c18dfdde52af24b82d84fee4e

  • SHA512

    46d8b6bb95bc83dac0d428c2c2bb9bde08a7649204a6ce8b220479e7297e815e0e2efa5f4c1719dbbebfea216e8c95fdd1a94a6e1a016c9d1237f33c702319c3

  • SSDEEP

    3072:WmpW8JCU0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWVUR:x4tU4QxL7B9W0c1RCzR/fSmluG

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
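Three of the signatures above (Run key added, hidden/system-file visibility changed in Explorer, dropped EXE executed) map directly onto endpoint telemetry. The Python below is an example added to this report, not part of the sandbox's own rule set: it runs over constructed Sysmon-style events (Event IDs 1, 11 and 13, flattened to key=value lines) that mirror the process tree shown further down. Assumptions, also marked in the code: the Sysmon field names; that the Explorer\Advanced\Hidden and ShowSuperHidden values are what the visibility signature refers to; the explorer.exe allow-list; the SID; and the two benign noise events, which are invented to show what the rules must not flag.

```python
"""Detection logic for three signatures in the report above: Run-key
persistence, changes to Explorer's hidden/system-file visibility, and
execution of a dropped EXE. Added example, not the sandbox's own rules."""
import re

# Constructed events in a flattened key=value form modelled on Sysmon
# Event ID 1 (ProcessCreate), 11 (FileCreate) and 13 (RegistryEvent, value set).
# They mirror the behaviour in the process tree; they are NOT real telemetry
# from the sandbox run. The SID and the two benign events are made up.
PARENT = r"C:\Users\Admin\AppData\Local\Temp\2c2429df5ac9be08dd73d8f95e4b356c_JaffaCakes118.exe"
DROPPED = r"C:\Users\Admin\meiiy.exe"
HKCU = r"HKU\S-1-5-21-1-2-3-1001"   # constructed SID; Sysmon logs HKCU as HKU\<SID>
ADV = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"

SAMPLE_EVENTS = [
    # dropper writes the payload into the profile root
    rf"EventID=11 ProcessId=2160 Image={PARENT} TargetFilename={DROPPED}",
    # Hidden: 1 = show hidden files, 2 = do not show (assumed to be the signature's target)
    rf"EventID=13 ProcessId=2160 Image={PARENT} TargetObject={HKCU}\{ADV}\Hidden Details=DWORD (0x00000002)",
    # Run-key persistence pointing at the dropped file
    rf"EventID=13 ProcessId=2160 Image={PARENT} TargetObject={HKCU}\{RUN}\meiiy Details={DROPPED}",
    # the dropped file is started by the dropper
    rf"EventID=1 ProcessId=1808 ParentProcessId=2160 Image={DROPPED} ParentImage={PARENT}",
    # ShowSuperHidden: 1 = show protected OS files, 0 = hide them
    rf"EventID=13 ProcessId=1808 Image={DROPPED} TargetObject={HKCU}\{ADV}\ShowSuperHidden Details=DWORD (0x00000000)",
    # benign noise (constructed): Explorer's own Folder Options toggle, a vendor updater's Run key
    rf"EventID=13 ProcessId=4412 Image=C:\Windows\explorer.exe TargetObject={HKCU}\{ADV}\Hidden Details=DWORD (0x00000001)",
    rf'EventID=13 ProcessId=5000 Image=C:\Program Files\Vendor\Updater.exe TargetObject={HKCU}\{RUN}\VendorUpdate Details="C:\Program Files\Vendor\Updater.exe" --tray',
]

# A value ends only where the next 'Key=' token starts, so values such as
# 'DWORD (0x00000002)' or 'C:\Program Files\...' survive intact.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
EXPLORER_VIS_RE = re.compile(r"\\Explorer\\Advanced\\(Hidden|ShowSuperHidden)$", re.I)
USER_PATH_RE = re.compile(r"^[a-z]:\\Users\\[^\\]+\\", re.I)   # anything under a user profile
TRUSTED_VIS_WRITERS = {r"c:\windows\explorer.exe"}             # assumed allow-list: the Folder Options UI


def parse_event(line):
    """Split a flattened 'Key=Value Key=Value' line into a dict."""
    return dict(FIELD_RE.findall(line))


def first_path(cmd):
    """Executable path of a Run value: the quoted program, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def detect(lines):
    """Return (rule, pid, detail) findings in event order."""
    findings = []
    dropped = {}   # lowercased path -> pid of the process that created it
    for ev in map(parse_event, lines):
        eid, pid, image = ev.get("EventID"), ev.get("ProcessId"), ev.get("Image", "")
        if eid == "11":
            dropped[ev["TargetFilename"].lower()] = pid
        elif eid == "1":
            # "Executes dropped EXE": the process that created the file is now its parent
            if dropped.get(image.lower()) == ev.get("ParentProcessId"):
                findings.append(("executes_dropped_exe", pid, image))
        elif eid == "13":
            target = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                exe = first_path(ev.get("Details", ""))
                # only autoruns that point into a user-writable profile path
                if USER_PATH_RE.match(exe):
                    findings.append(("run_key_persistence", pid, exe))
            m = EXPLORER_VIS_RE.search(target)
            if m and image.lower() not in TRUSTED_VIS_WRITERS:
                findings.append(("explorer_visibility_change", pid, m.group(1)))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:28s} pid={pid} {detail}")
```

The "Checks computer location settings" signature is not covered on purpose: per the report it is a registry read of the configured country code, and value-set telemetry such as Sysmon Event ID 13 records writes only, so that behaviour has to be found in a sandbox or via API tracing rather than in this kind of log.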

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c2429df5ac9be08dd73d8f95e4b356c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2c2429df5ac9be08dd73d8f95e4b356c_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Users\Admin\meiiy.exe
      "C:\Users\Admin\meiiy.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1808

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\meiiy.exe

    Filesize

    204KB

    MD5

    ad3f8f96049ef09d559695b3b728078a

    SHA1

    d10b26ce81721fd0c18b42f9aa4f49ff5b0e3f2a

    SHA256

    ab6d8abc77d451d7552e959c4629e5ad51ed9a80d1986e9bcff4fd2dd0988cac

    SHA512

    c7619633d5fae30eb90b48f276153f0df5b587e594c00bf5353f2bae711966306f16562fc69794f5fda7f129e0ce4a7a9fe4169200d264bc2b8b0bd05c347c13