Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/07/2024, 19:43

General

  • Target

    31b892f4f56f200cb49f241a79d06d85_JaffaCakes118.exe

  • Size

    48KB

  • MD5

    31b892f4f56f200cb49f241a79d06d85

  • SHA1

    45b680813b1aa685508acb3cac54cb3ffcd3fa99

  • SHA256

    d53257a23fd3c2952c9968654e1161271299a8121d7e86f4ed6f8afe8155a09d

  • SHA512

    2fc5960c5258acc0660def66b38d749f84a21beb588dd06542c3e7a94286891d09c6ff84230ae0d79a14bd13c3962e575138b4de9f796cfa24c99375bbd1992f

  • SSDEEP

    768:SANEhmWggFcXsv+6wH9H7MfygXaDMFQXD7e:SAam6FcXa6NNDsQXD7

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31b892f4f56f200cb49f241a79d06d85_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\31b892f4f56f200cb49f241a79d06d85_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\woaurud.exe
      "C:\Users\Admin\woaurud.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2812

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\woaurud.exe

    Filesize

    48KB

    MD5

    9d50d7e467d8b09d66e07a0546d3f871

    SHA1

    7fb317faceea0a3186f4b07bb4a6bdd0daa0697e

    SHA256

    825d7b8e398d683c8b14409c8f2616715bbdcc10b3ff936073617980d8618bc3

    SHA512

    e33ff97cb4a7a897bd56ccb68e9532e1b8e8eae32a0c443b86c0760eaba62e49ca2a10024f85d2513aaf2c14c9df7eecca537313dc0250a161a7a53de074b16f