Overview

overview

7

Static

static

3

2ec7f22dac...18.exe

windows7-x64

7

2ec7f22dac...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240708-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240708-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-07-2024 03:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ec7f22dac6a4714414558667c0fcd0d_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    2ec7f22dac6a4714414558667c0fcd0d

  • SHA1

    df964659a7b6a299143674ef6bfd514426fd89d8

  • SHA256

    9f592e4f1bf399b1b1449c2e5e232a19e7778098118fee649b3dbff7d3a27dcc

  • SHA512

    ddd58672ae148d82d576a9433af6b64c55a1d88487bee65d8960b078053d52f0cd35645faa7bb42149f550b10354d70bca74349fffa0d504f5467ed3579cf40c

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yhs:hDXWipuE+K3/SSHgxS

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ec7f22dac6a4714414558667c0fcd0d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2ec7f22dac6a4714414558667c0fcd0d_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Users\Admin\AppData\Local\Temp\DEM584C.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM584C.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3420
      • C:\Users\Admin\AppData\Local\Temp\DEMAF75.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMAF75.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4052
        • C:\Users\Admin\AppData\Local\Temp\DEM5E2.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM5E2.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:2624
          • C:\Users\Admin\AppData\Local\Temp\DEM5C10.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM5C10.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:4780
            • C:\Users\Admin\AppData\Local\Temp\DEMB23F.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMB23F.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:4408
              • C:\Users\Admin\AppData\Local\Temp\DEM85E.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM85E.exe"
                7⤵
                • Executes dropped EXE
                PID:3040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM584C.exe
    Filesize

    14KB

    MD5

    7befb4b24cadfcd2b1c618531aa79d25

    SHA1

    cdefc8c9e2ed42c7720d05890a099d6ed6fdb4ce

    SHA256

    8215927c75bd5d61b6f5c5f2c522356bba7bf912ff913fcfa5981d64a245df96

    SHA512

    5f75445c11f1b224eddd5969fb9efe31f118b19dceb257cf2f4a2d18d30b6d8a8079f93cea1f5f47d70155e0f5a4a0d8ee0ed927ff42b01231ad73380432f346

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM5C10.exe
    Filesize

    14KB

    MD5

    9c72eb5d97fb506043c790c1dda687e0

    SHA1

    8b2e67780c2026ed916cb6dc63f0ca24543b29bd

    SHA256

    273438db9dd7758002d5af9883b29a63d28bacd84644a0d0fae67da23a5db1ee

    SHA512

    f0a519dce3b22293f89ccc4a553a94c46d683c16c4fc593950830bea7034cae7d3d127991c2c13a0d4e3b80aa219c9172722f17bb91ef0447e50cdcaed4e74e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM5E2.exe
    Filesize

    14KB

    MD5

    5aa332993b4c89d2e239bbd623a72e32

    SHA1

    a68d7213696ccbf5140ebdfe30c8c40f498427c3

    SHA256

    0bbfbee0fc2203954e3bf6ab8858580848b3aa5ca3e56f9a98491ca244ff7209

    SHA512

    b4652483c379fc454bc6249093feab521a8954756913f8a68b3065bde4403910c484ab6e595ae36a4038b7e80dfb30794fe14ceb1ce6ed08c23eeadd429ae67f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM85E.exe
    Filesize

    14KB

    MD5

    952fd287e1471fe0b9369a87e8f9cdfd

    SHA1

    5e6dfa654fa4643014ae28c99d6770d84cb583c4

    SHA256

    904644c3de029b023338576ed6f6270c0e3b43e163ccee09a7413eea7312203d

    SHA512

    8747485e495ffa6a5ce1de39b113a7b4773d3b6845e18564234a8d2e83fea01f936d3a364eba236a77cecdeaf7440d8d440821d92a160cc80c3744070df773e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMAF75.exe
    Filesize

    14KB

    MD5

    3db2e64bde9720c5a58353b5d9d9f7f2

    SHA1

    562079b78afee81fcbff9e24b5feb8712a8aa758

    SHA256

    64306f856d48e5aa6860d7d750b7cb2a3875fb521a560322df2812d17bb45e7d

    SHA512

    a4496fd1227377d21a779da1042323cab91c7dca4d6d47a2cc64f3bd8f04e1dbe77e8d421671ae5398687d00c6dc6b17c7e12a691e9014497dace59bb5062278

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB23F.exe
    Filesize

    14KB

    MD5

    a5470f9c223b40918543b03b84bff196

    SHA1

    7aa94abe112aa849c81b6ac835d6698a934bccc3

    SHA256

    a1cc6ad00b5915dd1455e4da0e069b2717fc2dde01449e56046675d165f8909b

    SHA512

    012d1ec299c05b27100c9b292641ad68ebf2d4464a50fe9870b7c79c26e6983c5f770a838b97991fe344a3a2759426456bc863877a3590b910b88418680a18d7

    Download Submit