Overview

overview

10

Static

static

3

48cf37fb84...18.exe

windows7-x64

10

48cf37fb84...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-07-2024 07:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48cf37fb843093e1c364d8482be80c79_JaffaCakes118.exe

  • Size

    88KB

  • MD5

    48cf37fb843093e1c364d8482be80c79

  • SHA1

    2cc0b32ccc8070a16613153d5c8b25378b4cbed7

  • SHA256

    982d7317f48346260d86e45a231674bdbe488192851f7a36244a11fc414f47ff

  • SHA512

    5847aa8a8460ecd5559510a425933803e270672fb4001ca692f91d3c07a0967e84bc25b9da82ee2bdc40f2de3da7793e81299bffbf96b68adf68d4f627da1614

  • SSDEEP

    768:zDFIvM+ddaqnObOasGEwU8Z1Rbe2kjEQJQ1H7a8zFkzqcwOll:tIUviCU8Z1QjEQJecwOl

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\48cf37fb843093e1c364d8482be80c79_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\48cf37fb843093e1c364d8482be80c79_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3608
    • C:\Users\Admin\soiofi.exe
      "C:\Users\Admin\soiofi.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\soiofi.exe
    Filesize

    88KB

    MD5

    9f48fb721d92fde1e5c2822b2e4889b0

    SHA1

    39f73321d5050bffbf1bec2c9ee7c71144c5342b

    SHA256

    2267b4f93f642e4b5bd018bc39e776b4ad63b7079297bc23d7820e0c9e2729b3

    SHA512

    71966590b47f95ac0e3063ebac738e12022be1ecaf7bea975afee6bb5f64e82edb7122bf9d18929c37a13a4932a1ea87fc4de934bd27510fce24db91b7e2bd03

    Download Submit