Analysis

  • max time kernel
    140s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/07/2024, 06:13

General

  • Target

    407f96162d507a23d71d0ee1dc42e055_JaffaCakes118.exe

  • Size

    51KB

  • MD5

    407f96162d507a23d71d0ee1dc42e055

  • SHA1

    f16b9fe9f4a103eddf7de56d12d7bbcb52ecc236

  • SHA256

    ab1d4ae7528e91206a2b2374d5db83291df56b41be3d1f83eccb21b240f3a8bc

  • SHA512

    3886b0696a9c323218c87065ab7d7c5f62af83fa322b95ec047b272c5f50d9db19197ccd65466ab144aa95ddd2db92cc0740c327f48ce3c61bc2d583e432af00

  • SSDEEP

    768:qkZa1tZm83YNn0an2a9w8ud5Io8sXuUQR4r+L6tgU02OKAdRgMC:qkYap0an2a93udFurW+L6tgU0tDdWr

Score
  7/10
Tags
  upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\407f96162d507a23d71d0ee1dc42e055_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\407f96162d507a23d71d0ee1dc42e055_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:388
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_check32.bat" "
      2⤵
        PID:3384
    • C:\Windows\SysWOW64\aspimgr.exe
      C:\Windows\SysWOW64\aspimgr.exe
      1⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2808
    • C:\Windows\system32\WerFault.exe
      "C:\Windows\system32\WerFault.exe" -k -lc NDIS NDIS-20240713-0615.dmp
      1⤵
        PID:2660

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_check32.bat
    Filesize: 207B
    MD5: 2303d306488834e66264f8213887f8ab
    SHA1: 077ed1471a5749d92a2fa9058f9b91fbc38caf8b
    SHA256: de74076a292d25d4df0bc935b06ac0168478e88fa1e85c30468619e0c9f27420
    SHA512: 53f3477b3a6ff6194bf233645da1d3f8c0d1272653e43fcb3f01ee9593991099c1ea0100fed62b90c2c9270248dda6bd6891c995e84d402125be063ac19cb392

  • C:\Windows\SysWOW64\aspimgr.exe
    Filesize: 84KB
    MD5: bb470d9076b61f0b660e060dd756c918
    SHA1: 69e2e4ac5888aea0bc2cac617eca46398a59329e
    SHA256: d82b23b25dc47aa2f0a0a48e5b7627d0626804e77dba005b3d5d0be430bade11
    SHA512: bccaecc6746851ac9147c735f2b3d0818699b1ae665a1aa5c9fb2aa93f384f0bebc032fe5691f9e9f9a0ddb46e6e405910a3a171b6bf8e843612cb80d9d631a5

  • C:\Windows\db32.txt
    Filesize: 100B
    MD5: 0ec43532ebb4cb128756cae16a6c8a1f
    SHA1: c1003014cd2c0682e59f00fbb195e4926774c45a
    SHA256: c7ef2d1f7b0b6339ed60881718c5f76cf1b44292ad6b6c7b7fe5cfb4658e7562
    SHA512: c7d95cd687ad9a3a21057348a5da7f140cae9b29de90a494a6062297a6c7d9a82c6d6c2293e764552e004465cb4d80a4d8cd07915771efd3cf71de00e6aa9086

  • C:\Windows\s32.txt
    Filesize: 129B
    MD5: 6e82b6ad2da0e27134d0fdd68683bad3
    SHA1: 973cdd2ed16b4821700aa4e7c6b6f50f44d8226a
    SHA256: 2b02bfda78caf445809c6fdf594610a0f2631abd48578ebed9eb4b30f7076eb5
    SHA512: fb8a5306962307ed20c05b4c1eb959f2348928890d18ea3f237f145a22b73e32847ddcf3aaf5d5d1a7ed9734cebc53894bc91164b0b6a46d7c343cb1ab84d014

  • C:\Windows\ws386.ini
    Filesize: 12B
    MD5: 8380fe76ec1fec63ada498b0fefac689
    SHA1: 61e4017ca864f2f076f039d9524ed13129957e2f
    SHA256: 5f7305a68d0aac54587f4ca0183056b30160ac1fbe7bfc7097415d65549c4453
    SHA512: 7ac4832e8f394790e0bf8b7094e12e1163693e946529271d162922f78549c03d687c2820298471c45a613858edc70b7cc9f1168850981d0b476c9155a0ffb5d5

  • memory/388-0-0x0000000000400000-0x0000000000423000-memory.dmp
    Filesize: 140KB

  • memory/388-16-0x0000000000400000-0x0000000000423000-memory.dmp
    Filesize: 140KB