Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/07/2024, 08:57

General

  • Target

    452322d17140bb777e40aa39cb958eb7_JaffaCakes118.exe

  • Size

    96KB

  • MD5

    452322d17140bb777e40aa39cb958eb7

  • SHA1

    3e3efd57b156481b5e9536392791cc036c235665

  • SHA256

    4680e63c3681a71310a659e8f6667692201c5cf4de7a2cc24933d540567d59d3

  • SHA512

    0639ac38a3fe721d43502c9a36a763984ae2cd629c7e8b6f408d70d700892c7a54867098cc75891c2e6c754866beb520af2183301531232c539c410d2936c633

  • SSDEEP

    1536:6vhBHuf6cOahbdkGulSc16l6u+NMMl/KlYv1T4hThF/NIjnZnh:w4hb6lu88FF/Cndh

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\452322d17140bb777e40aa39cb958eb7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\452322d17140bb777e40aa39cb958eb7_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Users\Admin\seeziq.exe
      "C:\Users\Admin\seeziq.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1936

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\seeziq.exe

  • Filesize

    96KB

  • MD5

    d7516e7debb57dbf9ea3aaf154e9d537

  • SHA1

    252f74de53d9b9dd8c2819225e5ae58f2343d9d2

  • SHA256

    57b1fa6fd6c413025bb3d6068a6d53ace3739304507e2017e277ad4cd07228c6

  • SHA512

    0ee127d107ec6a1ff4cf7a650b63fe35055d78ec9f6bfe357da6476035a845169b3cd104976c6f9aeec59709b629fda0eb57017c6c3408b68cd6cd5009e29a6d