Analysis
-
max time kernel
146s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
16/07/2024, 00:03
General
-
Target
4bfb85ea199248c2926910dfb9dc1813_JaffaCakes118.exe
-
Size
760KB
-
MD5
4bfb85ea199248c2926910dfb9dc1813
-
SHA1
cd3ee56f47d1aab416e3888de7d096d98fe2b108
-
SHA256
1007bedae3037ba6688fdaf28f1409aa0e970bfacb7322c32c14ee3cd4b57006
-
SHA512
cd04ab670808ac6693abed0f7fe598212022ae28fc008b81bafdb71d6b9b795afcbeecdca136fb765a6fb427e8f1037d4881b5f84e2fe0d7df19bd521389dbe4
-
SSDEEP
12288:72p6tTiSdGSlXVZqO9wILm1Gf81j4bZ5G71ZCgSKOrbYC/DIh0JnCOY73NfRvMiC:7HtTPlXWtILm1Gf8uE1T1CrIhoCOirvC
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 48 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4bfb85ea199248c2926910dfb9dc1813_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\4bfb85ea199248c2926910dfb9dc1813_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp\WOWÌáÃÜÂë8.exe.bat" "2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp\wlnlgon.exe.bat" "2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Temp\wlnlgon.exeC:\Users\Admin\AppData\Local\Temp\Temp\wlnlgon.exe3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
164B
MD58b0f90c8dc71e16bd1ebaebe0c6691ae
SHA1926c40b998c8fc137e12f92fb956dcca1ac84a7c
SHA25636c18d71b6339b1523ee16199a86b0206520109407d52d21b0a1c70c3788e57d
SHA5126eafb157fad6301b460fce7e8eef02a566b96eaa8d70d3deb0a71ce29e456cc707bae26785eb5c4dfeac8f387b93af4350cf0d04ae88729d903a1c303aeae662
-
Filesize
252KB
MD588313266485a90182d66a7ab4a767d63
SHA1ba705aadc7358b2acfcc459b6fdab24aaeba4190
SHA2562f491390f53908c1715feca4c38e9ebbf8facb2e89c04a6d0f3df5e5b90626e9
SHA5122c6675f9e64bb3a74ca966239bb4e367c34537521c97eff4278d1e72cd4e91d236ab79b0ac706dc54d652956db28bb85cdb208abd4cf247a7d739495ae4f175e
-
Filesize
116B
MD593e05a4ef7f16ae0fbbdd45b01c79b4d
SHA1a08dcac6115911843c6d34c51292e791e4b31e67
SHA2564307f2fa0cd5b4704fdd7812b9021e54b2970a52c1ca3d00d9837cbb093681ad
SHA512ff98fac0bdfdd63b69dde7113bcea6dcf069a674f59ff6ac29750e27e2c94bf81e15af9321924eec59b9475fb01acab52eca5a7be2a79b69e55728df0e145fa1