Overview

overview

7

Static

static

3

75d8cca59d...18.exe

windows7-x64

7

75d8cca59d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-07-2024 21:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75d8cca59d95bcf0fdc8f3b7faa49e0b_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    75d8cca59d95bcf0fdc8f3b7faa49e0b

  • SHA1

    1d158865a8f7d96e4fe2a77e50036755926c58e3

  • SHA256

    e8948f67724fe3b474fc68f7dd82f1fab6ce2ed3191a0f0e90d981878de4b7c6

  • SHA512

    163fc0b45dde925f1688884a123bfdd71e91d64a08431ed6928da2118318546e258b3c569002c144a354d65c3cab51ab61c62a1d070d6df4cd80de9787cabc0a

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yhz:hDXWipuE+K3/SSHgx9

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75d8cca59d95bcf0fdc8f3b7faa49e0b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\75d8cca59d95bcf0fdc8f3b7faa49e0b_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:388
    • C:\Users\Admin\AppData\Local\Temp\DEM9F1E.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM9F1E.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2868
      • C:\Users\Admin\AppData\Local\Temp\DEMFA9C.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMFA9C.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1420
        • C:\Users\Admin\AppData\Local\Temp\DEM51C5.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM51C5.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4780
          • C:\Users\Admin\AppData\Local\Temp\DEMAA74.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMAA74.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2316
            • C:\Users\Admin\AppData\Local\Temp\DEM2C5.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM2C5.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1780
              • C:\Users\Admin\AppData\Local\Temp\DEM5A4B.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM5A4B.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:4236

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM2C5.exe
    Filesize

    14KB

    MD5

    0bea51261381b775f31ab6d71b928bd6

    SHA1

    a86c352b5024614f504056c928f2198d3f4dc209

    SHA256

    c14e8cbaebb572cd65c997d34c065e791e24a567637b4251d2b9112cb75f8fee

    SHA512

    8591424301a30c27c7c93242ba20371e2b4122032bf282a5347541642e8d31b2bde6da2374577638d4c796e2a23a33fda3d9d0224bd3bbbfa6eed4d0dcb5ef57

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM51C5.exe
    Filesize

    14KB

    MD5

    e55c112e6307d54fcd2161ce38442d92

    SHA1

    e9f3f83da79e05ef833c05cc6608e342db9efb2e

    SHA256

    9c754c6f222860d61e91088d9cc93ef5a2f239873aa8ce8ef14630eb2c819ba8

    SHA512

    3a1d2c295602d15f8b701d5e569f41dd68b4878aa81fba2d771fb3931eb978a54a2defcc909481958ff79dd32b1fd7e6a935753e79b198764a7b4bf451ec88e9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM5A4B.exe
    Filesize

    14KB

    MD5

    51bb433250c251b1e1737821f92b8a6f

    SHA1

    7f2188271d0d231cffad7c8c393eabb84678a610

    SHA256

    a5e27a859f330b7f7bf8c8402b76bd9ad2c1aa025c0ea152b18512a5b5ebd737

    SHA512

    5035a2e7f5f4dfdb509f2b3e3ba07057bf7ef546485776d382458355c7cbde1fec4582956233e6517d5605cd6c0fcfe85377646762d5ac262fc6c43ed0ef5087

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM9F1E.exe
    Filesize

    14KB

    MD5

    e00128d9a8f06f0e526cec3ae48370a1

    SHA1

    26928e427af2683b2162115724571015addb82ed

    SHA256

    79eb361e53696d2dca09907c929db3f856cbfe5162871ee610887d40d6105694

    SHA512

    d53e68453a5fa6c7a2f1b0e1f4df94465013c9ada2b36d73c572de98e407abf148e0e3f4fa35558c1368842c25ca4440b358918cad9ebd2d27ab150e6abd78b0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMAA74.exe
    Filesize

    14KB

    MD5

    ef1cca69657cf4d26b222a24cc75142c

    SHA1

    dbb356e0df50121a621a6b44e2bece76126248ce

    SHA256

    db3c76456334432cf72caeef25407e7e996c8200643a05ed871dd7c56ddd1456

    SHA512

    b7e55b0cf97961a4f7164aa25a5f5870cd5aa8b45cd1798ad286836bebea0e22345b1dda87661590ae9d1f6f8b2e5e71c856036ebd293c1e7db0a2f68334bee4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMFA9C.exe
    Filesize

    14KB

    MD5

    766126efb1166905560931b8519b4c65

    SHA1

    b11bd03234551bcce37bd3a0c4712ab9c172cac5

    SHA256

    43f1c8681f8c2c16bbe3e9295fa16d161a964b15c63f9f013c21176d110e9187

    SHA512

    28530a07282381bdabc0d0bdbaa8973d388abd2627c9c2cb1a54960fa149221e4cc7df4e218e8a85ad56d0b118e7a4386d38f84b70c4cafd26c98858e10019a1

    Download Submit