Overview

overview

7

Static

static

3

3e1e7c7e64...18.exe

windows7-x64

7

3e1e7c7e64...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-07-2024 16:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e1e7c7e6497e6fa420f8314ba6195a4_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    3e1e7c7e6497e6fa420f8314ba6195a4

  • SHA1

    86c3033abc23c1fefc9923f59c2d5be9592f25e3

  • SHA256

    388b551b3897c30d49b4559696b0ecb30333ed59aecc26558ebe6017ecef271c

  • SHA512

    cd2417e3fa5a5202342cd536190b304ea9f5753534c67fdbe7f2e16e7dfe31db83b4b23e2e3065e69bb0f7e2f520ba87021eb522e429aeb03572a1effef76206

  • SSDEEP

    49152:mJkeJgoel/e4TKjwHBeiAxdFuQMUuc8UP7xv4:mJk6uPytB8UPK

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e1e7c7e6497e6fa420f8314ba6195a4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3e1e7c7e6497e6fa420f8314ba6195a4_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3388
    • C:\Users\Admin\AppData\Local\Temp\tf0.exe
      "C:\Users\Admin\AppData\Local\Temp\tf0.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3868
      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup.exe
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup.exe"
        3⤵
        • Executes dropped EXE
        PID:3180

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Install.log
    Filesize

    475B

    MD5

    6326e10b760f2d1ab19fba7e1db40e42

    SHA1

    9c4195b9f31d15effcb3e7d39215a40c34ba0591

    SHA256

    66a230d125f7179079b4f2d2533e3f1d1f4e9897ca52805b2cb30caf4969e281

    SHA512

    b93fc3d7819e2a6b29049974ff929584f0a9fa6bd82e103b6edfffbf5dc4431931900ebc64d16d8e3fab5b2ed843a728a63b5e9d573d09b1f639880e102c1796

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup.exe
    Filesize

    86KB

    MD5

    05d076f8b51da09aad5f9f57784f6a3a

    SHA1

    abf5e5b1c72445a4b698b50f7dce7f3cbeb0eac5

    SHA256

    8dba395134f485c8ee5aa1e5d7ff85dce83ff38ccf60d3489c071b1a263c9bf4

    SHA512

    b033d54dcb441ced210129e2f03c129bf31741108fda4405660bad50abfca5e222c13a1b003d6547bc9a6227025d7e35fe38b4445bebd0c5e2b6afb729719b6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tf0.exe
    Filesize

    1.5MB

    MD5

    5ba877d05ac6b87a72db8ae8ade00e48

    SHA1

    429fb1857f5ecff5f0fb0c0bbc8e375912139d91

    SHA256

    fc96f8d4e172ad321c40b5154acc6c7ed74ee5d7e62c739774fdbc3c0c7e85ef

    SHA512

    1686740dfc573d51ef8b12f8d977019808661232b0359e503eb45c5e4eb05185a2fd8842047e96245721ddcd935f8d64fbfdebe793a99879f79069164df67375

    Download Submit

  • memory/3180-49-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/3388-47-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3868-8-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3868-48-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download