Overview

overview

7

Static

static

3

3e672337f1...18.exe

windows7-x64

7

3e672337f1...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-07-2024 18:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e672337f1c3a4ce68b7bc50401a1b47_JaffaCakes118.exe

  • Size

    362KB

  • MD5

    3e672337f1c3a4ce68b7bc50401a1b47

  • SHA1

    1c7a36b2b1c3037b0ea8f4134128da3f3b219461

  • SHA256

    174549914d71bc2094c51fa93026d25a5b8596e562e08674c34c605617bdd542

  • SHA512

    359d52d48f67081d6c7923aa84dcf833621bf2144fd53b94713ad1f0e262d3fa09ef1f9dadd4892ceef0ca7c888a5200121a1df08c76802a58368f38997c193a

  • SSDEEP

    6144:b1dlZro5ysCIfP7kKJBImImDyG4TrRERqyoJwREBtSWwLugv/scSDZSiBoYGD:b1dlZo5yjIfp0ocOqyjRS0WwRv/fSWY8

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e672337f1c3a4ce68b7bc50401a1b47_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3e672337f1c3a4ce68b7bc50401a1b47_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:396
    • C:\CAOSZUL.exe
      "C:\CAOSZUL.exe"
      2⤵
      • Executes dropped EXE
      PID:4764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\CAOSZUL.exe
    Filesize

    42KB

    MD5

    ef6d4da258946c20b8f51ed60b33baf3

    SHA1

    d83226577825e67a8f77d0e87200dfa6847dfa0a

    SHA256

    ad835825461ed8d70a1ebd60f9753395ee94457b6bdf547fc6d8bfa09e2a1fbe

    SHA512

    0d4d2cafe751702d8bbc98f4728a871e1c681242b29f68d9569515412e0e3b54c4b922e256e424af538cececc9afafabefe574ae19717cc64156bbf55adc8a98

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\sfx.ini
    Filesize

    182B

    MD5

    ecb753f1d7823905eaf0cda2fb9bf5e4

    SHA1

    4965968431a8a48fbb1eb923e8948104ffc563fa

    SHA256

    dc1e7854b2a77d8c21c971fc6cf8c48fd939ff7e6b1463ef7b72a9439d8df750

    SHA512

    67a341bc999f307dc102b7c26a1cf1a90c8d0718f48cdb85e6dfebe3542198c06a1142dac83ab417cd2696f90ad8dbda7f7ed316efb1db5e8bf0161397c4b822

    Download Submit

  • memory/4764-32-0x0000000005680000-0x0000000005712000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4764-29-0x0000000000B30000-0x0000000000B42000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4764-30-0x0000000005540000-0x00000000055DC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4764-31-0x0000000005B90000-0x0000000006134000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4764-28-0x0000000073CCE000-0x0000000073CCF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4764-33-0x00000000055E0000-0x00000000055EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4764-34-0x0000000073CC0000-0x0000000074470000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4764-35-0x0000000005810000-0x0000000005866000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4764-36-0x0000000073CC0000-0x0000000074470000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4764-37-0x0000000073CCE000-0x0000000073CCF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4764-38-0x0000000073CC0000-0x0000000074470000-memory.dmp

    Filesize

    7.7MB

    Download