Analysis

  • max time kernel
    149s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-07-2024 21:08

General

  • Target

    36641b0a718d811e74fde8ef7dd0ed32_JaffaCakes118.exe

  • Size

    248KB

  • MD5

    36641b0a718d811e74fde8ef7dd0ed32

  • SHA1

    8426c305ac2e732f643d4e1357b57353f7e25e30

  • SHA256

    fe87a12f6e6195ea889f8f8f1f0f48c9cb8c75bf9bc678e1130dd8451b13cc32

  • SHA512

    e7048deb5c4a3fe0e2d0f0890ac369f64d62c46166bdd8a9203bb7030b3b721b172f61f149279b045d97ba46b0ef35baf2a09e062f730a6bc522532d81d3b0d6

  • SSDEEP

    6144:dvM5CElofkFWQPtnRneqAKnvmb7/D269fgwMty0e6ndv0DO:dE5CLkFfnRnWKnvmb7/D26qndv0DO

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36641b0a718d811e74fde8ef7dd0ed32_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\36641b0a718d811e74fde8ef7dd0ed32_JaffaCakes118.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Users\Admin\wiuwo.exe
      "C:\Users\Admin\wiuwo.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\wiuwo.exe

    Filesize

    248KB

    MD5

    23554240e5e8bb49f6e92172cbda3144

    SHA1

    eddbc8a76800b88dcfd775d8c8b87e912a54fcef

    SHA256

    4cca4156691c584747ae9ecf2910a576413f1a0b896658d43c1b05ab41c60960

    SHA512

    61b23cec3ff60c5cbdda8dc0bbf8b99b3253032dcdb8a7029c65eff9043ae777c20f10f3fa9bec8cf4c2162bcc89bbdb7b04a08fb13476cfefa8c7717b592bb7