Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-07-2024 17:02

General

  • Target

    7077a5743e5120ddc8d7c55df028b1a6_JaffaCakes118.exe

  • Size

    18KB

  • MD5

    7077a5743e5120ddc8d7c55df028b1a6

  • SHA1

    9f89b93a66cca35c5bda01fb24ad75a09bcdf402

  • SHA256

    cb478ca2c5eff7cee99bc3ee482a2acdc7dba2e00019947632e7f550dfe517ca

  • SHA512

    c7b986b61397562877fd29aa2fb5ab90cc257c51520137eb5291c4bc0f00ac64ca1d9aa70dc59b9b51864318caf2241a7eeeee42e8a2488389787de4c6bf91ad

  • SSDEEP

    384:OwJxZRoXwL4CdFgFk4QwOONUgYiqGnsOcjK3NTtYVh7ct8BNI/ulnfWjvOeo:OcxZbL4mFek4QwLb6INTqX7ctsmmln

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7077a5743e5120ddc8d7c55df028b1a6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7077a5743e5120ddc8d7c55df028b1a6_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3504
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\awer0.bat" "
      2⤵
      • System Location Discovery: System Language Discovery
      PID:748

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\awer0.bat

    Filesize

    302B

    MD5

    8b117861598181b5a52c2897016744b8

    SHA1

    d9624e24eabf49258e7490f1ad47aa3e86f93fb9

    SHA256

    92c126365ba2e3aa382f45b5906569ec579e657e7b2873a8f4da368efb7e8a28

    SHA512

    354b6b1a46f95545b8905a39dc64883c144f3c4663c628749898bb230be3e0f326d7d8bde3ad9af7ed62e64e24a945abcb9f7bbd988ef136431e2a5b1ce79912