Overview

overview

7

Static

static

3

4617d35157...18.exe

windows7-x64

7

4617d35157...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/07/2024, 13:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4617d351571b290dd2ac18f5a9cb01e1_JaffaCakes118.exe

  • Size

    2.0MB

  • MD5

    4617d351571b290dd2ac18f5a9cb01e1

  • SHA1

    d8f8b8512c8293fbc46d570da50959c43fb67ee4

  • SHA256

    545e23521013ade9bf24bcf2309568ad1d40689c000c583cdd6f2f2a2b224330

  • SHA512

    d5054893ea648b8e11372ff52208c06e136b8dd166499c5fe9a96fb1a56107b1466c47af6700f5f30fbed5ef52b719b452d351c52a617b87da857f803145a42f

  • SSDEEP

    49152:Ek8z91KUD9yUNmHPHATQrskjwB4U7IOa12:EH91LD99NymQQkjiT

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 8 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3544
      • C:\Users\Admin\AppData\Local\Temp\4617d351571b290dd2ac18f5a9cb01e1_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\4617d351571b290dd2ac18f5a9cb01e1_JaffaCakes118.exe"
        2⤵
        • Checks computer location settings
        • Drops desktop.ini file(s)
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3704
        • C:\Users\Admin\AppData\Local\Temp\server.exe
          "C:\Users\Admin\AppData\Local\Temp\server.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3840
        • C:\Users\Admin\AppData\Local\Temp\Cerberus.exe
          "C:\Users\Admin\AppData\Local\Temp\Cerberus.exe"
          3⤵
          • Executes dropped EXE
          • Checks SCSI registry key(s)
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:2472

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\Cerberus.exe
            Filesize

            1.7MB

            MD5

            631d76eca045026b55b9691973cac951

            SHA1

            4ff8dfc278992e3432663e08f83cc0796c282438

            SHA256

            883dade7bcba92cb437f9a0acf62f3491c6a6637b0255eb84adc9813601e7572

            SHA512

            3ac4bf1083ac68f9ae769843476decc949fbf827a63adb1cdff46b6908d9dfcd74462c640b58a099f1ab620425e432d72a8d55490abbcaf937f1191bf5cdf866

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Language\English.ini
            Filesize

            20KB

            MD5

            f2764e646669472a50d34848623303be

            SHA1

            d546a7980029656b2a9c343cf65d9bfbdcbef9a5

            SHA256

            8f2cbdb3c23d6072b31dffcb7ad71f0abc37932c9188dc01e5b3a0973f74e6e1

            SHA512

            27c31f0ee8152c3be2dfb9b847fe848d7f87218d214bfc02249305f6089c39b819afa31aac90b91dfcf010dce88866f637eb322c5e359178671cc058a4e1182a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Settings.ini
            Filesize

            2KB

            MD5

            e78bf2ad1240307b13934fea4f01007d

            SHA1

            a494c83dc71555403f16b6fcd9270cbc2e502445

            SHA256

            a4090757cca167cf5333ec231234a773279e69e7c0f57ce9c5f88575e4126602

            SHA512

            5a365f12aaea0d4a165d084c5a14ab2248c8beb4433bd5e7b1f11436e20a647172409f522e775f202bd9b2d35995633fd41c62fb24ed881ed9be90857df9ec00

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\server.exe
            Filesize

            56KB

            MD5

            a2bfaf4ccb6d00671933a423595fc9be

            SHA1

            f264ce9388521764bf8911b8bb4c7ff9a08bc8e8

            SHA256

            1e6800ad5f5592af6bbe63a4f72f45ca73422324c2f915feb0ab69b5d0f5cff1

            SHA512

            a342ee6797b3d97761c1d11dd25991ceb28235a32c6aea2ede1c9f5d3f59feb1a8396865341ea1236f982425e4a040c6185a43ef49b124551db5cb05bae33d8c

            Download Submit

          • memory/2472-1058-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-35-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1096-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1095-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1094-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1092-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1091-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1090-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1089-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1088-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-31-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-32-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-34-0x0000000000401000-0x0000000000859000-memory.dmp

            Filesize

            4.3MB

            Download

          • memory/2472-1087-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1086-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1085-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-729-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-37-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1084-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1082-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1081-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-36-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2472-1083-0x0000000000401000-0x0000000000859000-memory.dmp

            Filesize

            4.3MB

            Download

          • memory/2472-1080-0x0000000000400000-0x0000000000A18566-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/3544-1076-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3544-1077-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3704-3-0x000000001BDC0000-0x000000001BDD4000-memory.dmp

            Filesize

            80KB

            Download

          • memory/3704-33-0x00007FFC5FD50000-0x00007FFC606F1000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/3704-7-0x000000001C060000-0x000000001C106000-memory.dmp

            Filesize

            664KB

            Download

          • memory/3704-2-0x000000001B810000-0x000000001BCDE000-memory.dmp

            Filesize

            4.8MB

            Download

          • memory/3704-6-0x000000001B2F0000-0x000000001B2FC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/3704-8-0x000000001C200000-0x000000001C29C000-memory.dmp

            Filesize

            624KB

            Download

          • memory/3704-9-0x00007FFC5FD50000-0x00007FFC606F1000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/3704-1-0x00007FFC5FD50000-0x00007FFC606F1000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/3704-0-0x00007FFC60005000-0x00007FFC60006000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3704-12-0x00007FFC5FD50000-0x00007FFC606F1000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/3704-11-0x000000001C460000-0x000000001C4AC000-memory.dmp

            Filesize

            304KB

            Download

          • memory/3704-10-0x000000001B310000-0x000000001B318000-memory.dmp

            Filesize

            32KB

            Download

          • memory/3840-23-0x0000000000400000-0x0000000000409000-memory.dmp

            Filesize

            36KB

            Download

          • memory/3840-1074-0x0000000000400000-0x0000000000409000-memory.dmp

            Filesize

            36KB

            Download