Overview

overview

7

Static

static

3

3687024420...18.exe

windows7-x64

7

3687024420...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2024, 21:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3687024420926c956f6260405aa08592_JaffaCakes118.exe

  • Size

    968KB

  • MD5

    3687024420926c956f6260405aa08592

  • SHA1

    ca20482a996191bca09693b6bfc0411ee1bbfcd5

  • SHA256

    794c9496ba67d57f2efcbe14ad1c7ce3e4f8744d7c73933b31f9f918cffd79bf

  • SHA512

    fe7725ff305aa9042d5dd737c10a69924c0a32a5fd81727494e9f15e1426b72d94fe92bfaa2eeaa35596803db7c619c4c214f39ad0ec4730c8e5c747dfad7551

  • SSDEEP

    12288:mM/jV2M+kpXTwPj+ic+OTQ/GI5BZyE78XIshCR/uRVmmkrtGMWKZUKb4rB30e/:mMtQjhckz73zRBtGlYe/

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3687024420926c956f6260405aa08592_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3687024420926c956f6260405aa08592_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4392
    • C:\Users\Admin\AppData\Local\Temp\~sfx001044F5A9\SkyKeygen.exe
      "C:\Users\Admin\AppData\Local\Temp\~sfx001044F5A9\SkyKeygen.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4404

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\~sfx001044F5A9\GIFviewer.ocx
          Filesize

          100KB

          MD5

          73404435b36b8cb9ea68be6d4249488e

          SHA1

          ecd6f0e28c4f4ac6c1943a7647f42a5d91c14f02

          SHA256

          2123cadad9f7da81601c5e09105a569fedda561b4b12e87f0c0f6b4afa286e5c

          SHA512

          e260099024bdc4711ef068455e350cb400042f5fd5066b07b024e49b8a13b6c058347f2e4e68ff73704358b51db851e4e06c28cb2f3cd36b64d9023c748dcad7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~sfx001044F5A9\SkyKeygen.exe
          Filesize

          652KB

          MD5

          a74ca831ea4dfc69603c1317c9364c82

          SHA1

          1cf2c095895a56abf878853f3b577de2bb0277c4

          SHA256

          e7cbb695ee6f15c573ebbc130c11068c28cc7f9038f046b4ddbea63372553526

          SHA512

          62ba15b1940e63d5d2f0751b644ec0cb8860f767ee3613e3d8aaaded3f807c8e26a828b220f23953e5b015d52441afc7d0fe723532e65e6795db81522310636e

          Download Submit

        • memory/4392-58-0x0000000000400000-0x000000000053B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4404-24-0x0000000003710000-0x0000000003711000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-26-0x0000000002E70000-0x0000000002E71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-23-0x0000000003740000-0x0000000003741000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-22-0x0000000003990000-0x0000000003991000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-29-0x00000000039F0000-0x00000000039F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-28-0x0000000003A30000-0x0000000003A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-27-0x0000000003A60000-0x0000000003A61000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-21-0x00000000039C0000-0x00000000039C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-25-0x00000000036C0000-0x00000000036C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-20-0x0000000002E40000-0x0000000002E41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-59-0x0000000002E40000-0x0000000002E41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-60-0x00000000039C0000-0x00000000039C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-62-0x0000000003710000-0x0000000003711000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4404-63-0x00000000039F0000-0x00000000039F1000-memory.dmp

          Filesize

          4KB

          Download