Overview

overview

7

Static

static

3

61e8c4bb72...18.exe

windows7-x64

7

61e8c4bb72...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-07-2024 23:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61e8c4bb727a5bafcecf3c1b20d789b4_JaffaCakes118.exe

  • Size

    308KB

  • MD5

    61e8c4bb727a5bafcecf3c1b20d789b4

  • SHA1

    a0d53dd91865e34d6c0215faaac4b42697c739d5

  • SHA256

    cdb37c750f2ddddf5e0c536c88d179c93012088c7a1be5c82ca4fcc5e4a08b5a

  • SHA512

    ab97f874079a03b30b68fb6bd42e9f4d703e3623959c148977efe0f3e6e567ba7cd8e245b1f1c7b00a25480bae072519a70a01d6589d97a7e346e3f475bbea5d

  • SSDEEP

    3072:+kQqDrknpea1/J4ad2/4MTxqCsmt9qTh9ukOQXfr5XsE+tttc8i/zavA1zF03g9O:+kQRx7Q6mqTc0pYty8i/zaeW+jExJd

Score
7/10
persistence

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61e8c4bb727a5bafcecf3c1b20d789b4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\61e8c4bb727a5bafcecf3c1b20d789b4_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Users\Admin\AppData\Local\Temp\JT5T3K9E.9GV.exe
      "C:\Users\Admin\AppData\Local\Temp\JT5T3K9E.9GV.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3476
      • C:\Windows\service.exe
        "C:\Windows\service.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetWindowsHookEx
        PID:2144

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\JT5T3K9E.9GV.exe
    Filesize

    222KB

    MD5

    5a78cc717cd53d9d794be2bd75cb7b1d

    SHA1

    73263bc4f365279f48dfbb05f96a157b3271e9f9

    SHA256

    53e2b9376418b011cd3fb997ec27d39afec077258b5762cc798ea5e66d7f0290

    SHA512

    1a63af48026653fc82c101bb04a5801345edb02d13e5c5fe99d6e1c1a723919cfeb2e78754e2b90a74987f91d8aa00e596104fe303ead262faf9d12e48dd9208

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nriB083.tmp
    Filesize

    172KB

    MD5

    685f1cbd4af30a1d0c25f252d399a666

    SHA1

    6a1b978f5e6150b88c8634146f1406ed97d2f134

    SHA256

    0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

    SHA512

    6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

    Download Submit

  • memory/2144-34-0x00000000020D0000-0x0000000002143000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2144-38-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2144-37-0x00000000020D0000-0x0000000002143000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2144-33-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2792-8-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/3476-19-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3476-17-0x0000000002120000-0x0000000002193000-memory.dmp

    Filesize

    460KB

    Download

  • memory/3476-35-0x0000000002120000-0x0000000002193000-memory.dmp

    Filesize

    460KB

    Download

  • memory/3476-36-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3476-16-0x0000000002120000-0x0000000002193000-memory.dmp

    Filesize

    460KB

    Download

  • memory/3476-7-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

    Download