Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/07/2024, 03:04

General

  • Target

    47f13cf60a4f1d02784afc85702bedba_JaffaCakes118.exe

  • Size

    493KB

  • MD5

    47f13cf60a4f1d02784afc85702bedba

  • SHA1

    9a462b0f2e888645e4bde83391da0eb333db34e0

  • SHA256

    a1eef8a5a7b1640d2f161a67563766b6dd899f1ada93426c1fc1e2e599323f18

  • SHA512

    d26cccbc1fa16fb54b323f8e560f31cf707d1bc4104fa9f3485e2b854a5ced5d9045a706aef082f2ca2227960306940f4aaf623d628129e72f7c5cbf7d0cb914

  • SSDEEP

    6144:/sShZWyrW/gR4nsnDYdCzxyn1Nmrf2mzq46uyIuKmL03yNH6AYdzlRx1edQRX6YL:/anskwzYn1YTHpIzKmgih65udQhQ0kc

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47f13cf60a4f1d02784afc85702bedba_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\47f13cf60a4f1d02784afc85702bedba_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4996
    • C:\Users\Admin\AppData\Local\Temp\sizengb5.vi0.exe
      "C:\Users\Admin\AppData\Local\Temp\sizengb5.vi0.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4460
      • C:\Users\Admin\AppData\Roaming\Microsoft\winlog.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\winlog.exe"
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        PID:2156
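The signature list and the process tree above describe one chain: the submitted sample writes sizengb5.vi0.exe to %TEMP% and runs it, that stage writes winlog.exe under AppData\Roaming\Microsoft and runs it, and the final stage sets a Run key. The script below is an added example, not part of the sandbox report or of the sample, showing how those three behaviours (dropped EXE executed, execution from a user-writable directory, Run-key persistence pointing at a file the chain itself dropped) can be flagged from Sysmon-style process-create, file-create and registry-set events. The events are constructed to mirror the report's PIDs and paths; the Run value name "winlog", the registry data and the parent PID of the first process are assumptions. The "Checks computer location settings" signature is a registry read, which Sysmon does not log, so it has no rule here.

```python
"""Reconstruct the process chain from the report and flag the behaviours
its signatures describe, over Sysmon-style events.
Added example with constructed events; not telemetry from the sandbox run."""

# Constructed events in the shape of Sysmon Event ID 1 (process create),
# 11 (file create) and 13 (registry value set). PIDs and file paths follow
# the report's process tree; ppid 1000 for the first process, the Run value
# name "winlog" and the registry data are assumptions.
EVENTS = [
    {"id": 1, "pid": 4996, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\47f13cf60a4f1d02784afc85702bedba_JaffaCakes118.exe"},
    {"id": 11, "pid": 4996,
     "target": r"C:\Users\Admin\AppData\Local\Temp\sizengb5.vi0.exe"},
    {"id": 1, "pid": 4460, "ppid": 4996,
     "image": r"C:\Users\Admin\AppData\Local\Temp\sizengb5.vi0.exe"},
    {"id": 11, "pid": 4460,
     "target": r"C:\Users\Admin\AppData\Roaming\Microsoft\winlog.exe"},
    {"id": 1, "pid": 2156, "ppid": 4460,
     "image": r"C:\Users\Admin\AppData\Roaming\Microsoft\winlog.exe"},
    {"id": 13, "pid": 2156,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\winlog",
     "details": r"C:\Users\Admin\AppData\Roaming\Microsoft\winlog.exe"},
]

# Directory fragments (lower-cased) that an unprivileged user can write to.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\")


def index_processes(events):
    """Map pid -> {"ppid", "image"} from Event ID 1 records."""
    return {ev["pid"]: {"ppid": ev["ppid"], "image": ev["image"]}
            for ev in events if ev["id"] == 1}


def process_chain(events, pid):
    """Follow ppid links upward and return the chain root -> pid,
    stopping at the first PID with no process-create event."""
    procs = index_processes(events)
    chain = []
    while pid in procs:
        chain.append(pid)
        pid = procs[pid]["ppid"]
    return list(reversed(chain))


def detect(events):
    """Return (rule, pid) findings in event order. Files are only counted
    as dropped once their file-create event has been seen, so a process
    is flagged only if its image was written earlier in the same stream."""
    findings = []
    dropped = set()  # lower-cased paths written so far
    for ev in events:
        pid = ev["pid"]
        if ev["id"] == 11:
            dropped.add(ev["target"].lower())
        elif ev["id"] == 1:
            image = ev["image"].lower()
            if image.endswith(".exe") and image in dropped:
                findings.append(("executes_dropped_exe", pid))
            if any(frag in image for frag in USER_WRITABLE):
                findings.append(("runs_from_user_writable_dir", pid))
        elif ev["id"] == 13:
            key = ev["target"].lower()
            if "\\currentversion\\run\\" in key:
                findings.append(("adds_run_key", pid))
                # Persistence that points at a file this chain itself wrote.
                if ev.get("details", "").lower() in dropped:
                    findings.append(("run_key_targets_dropped_file", pid))
    return findings


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        chain = ">".join(str(p) for p in process_chain(EVENTS, pid))
        print(f"{rule:30s} pid={pid} chain={chain}")
```

Run against the constructed stream this yields seven findings; the submitted sample (PID 4996) is flagged only for running from %TEMP%, while both later stages are flagged as dropped executables and the last one also for the Run key, which reconstructs to the chain 4996 > 4460 > 2156 exactly as the report's tree shows it. On real Sysmon data the file-create events may arrive out of order relative to process creation, so a production rule would key on the image hash rather than on stream order.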

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\sizengb5.vi0.exe

    Filesize

    141KB

    MD5

    a142e11261041cbb97bf9a6848423ee4

    SHA1

    f932c93eaeed6d104af232e99442ead254fa4352

    SHA256

    54231a7fd587a624c08166605b733fed6e4d1a9861e599fba6619bb6583103b6

    SHA512

    06ad01c2696aef16dcb7effd4df1bd72c7610845464ca7eec93f1b8de86a0a84d299d4fd0ff709142e98680770450d2b0f1e22c574a6014a608c1b5e4879e1df

  • memory/2156-48-0x0000000011490000-0x00000000114BA000-memory.dmp

    Filesize

    168KB

  • memory/4460-47-0x0000000011490000-0x00000000114BA000-memory.dmp

    Filesize

    168KB

  • memory/4996-0-0x0000000074782000-0x0000000074783000-memory.dmp

    Filesize

    4KB

  • memory/4996-1-0x0000000074780000-0x0000000074D31000-memory.dmp

    Filesize

    5.7MB

  • memory/4996-2-0x0000000074780000-0x0000000074D31000-memory.dmp

    Filesize

    5.7MB

  • memory/4996-38-0x0000000074780000-0x0000000074D31000-memory.dmp

    Filesize

    5.7MB

  • memory/4996-39-0x0000000074780000-0x0000000074D31000-memory.dmp

    Filesize

    5.7MB

  • memory/4996-49-0x0000000074782000-0x0000000074783000-memory.dmp

    Filesize

    4KB

  • memory/4996-50-0x0000000074780000-0x0000000074D31000-memory.dmp

    Filesize

    5.7MB