Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-07-2024 04:57

General

  • Target

    3360b9db782730752592d275a53c1ab0_JaffaCakes118.exe

  • Size

    156KB

  • MD5

    3360b9db782730752592d275a53c1ab0

  • SHA1

    82c258df3fe6f52b0c96c2d602d602d4679a4a46

  • SHA256

    1cb582ebc3cae4f703155214be849ac7da4b0c20527fb0aee4ce294e6abc5065

  • SHA512

    651649023b87c5a8f3f2717ad4de6da0d3f083fe7cf8f0f3dd4e484690f9ca3c30287cfbbbd576ea510754a1c7bf8e9ea818e4af6532a2566da177ec014a844a

  • SSDEEP

    3072:pvo0koEdu3kSESulCVRgQPwU3MppI1zePMThBI4oQZiEVMZW:9o3u3ESul9LI1zeEheWTMg

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3360b9db782730752592d275a53c1ab0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3360b9db782730752592d275a53c1ab0_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Users\Admin\meepoa.exe
      "C:\Users\Admin\meepoa.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2828

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\meepoa.exe

    Filesize

    156KB

    MD5

    e3730e8af42626d88ff358bacff61d31

    SHA1

    4ae767665ee25ca078a6411f7cf41d83b49b796c

    SHA256

    6bb8a8165083fcec979c0cfeb01e5527d06858419ada47e030851572b53c934c

    SHA512

    72e436c263325cb03eef7302f029a65c536e1e85e04f48d0ac2836940fe020dff90e44327f040ee1719ec222bd4baf49f2ad476f9658bfebf387a50dc5e622f8

  • memory/2196-0-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

  • memory/2196-37-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

  • memory/2828-33-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

  • memory/2828-38-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB