Overview

overview

7

Static

static

3

7215a779fc...18.exe

windows7-x64

7

7215a779fc...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 01:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7215a779fc6e0554b7d9fef9737e56ec_JaffaCakes118.exe

  • Size

    15KB

  • MD5

    7215a779fc6e0554b7d9fef9737e56ec

  • SHA1

    74aac8a6e9befcf41551a134ac402904d51fc92f

  • SHA256

    45f71649cd81394ee497c2b16f82c1126275b689181b062a25a3d8276e4e36b2

  • SHA512

    fff2fe442a392830cc194fe2ea16cc2771025b6878e609730eff165c873918407b6221fa0ed93f65496c704fada54228b50e32d2bd501d86280d36edf1b44e9d

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYlcU:hDXWipuE+K3/SSHgxmlcU

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7215a779fc6e0554b7d9fef9737e56ec_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7215a779fc6e0554b7d9fef9737e56ec_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3448
    • C:\Users\Admin\AppData\Local\Temp\DEMB575.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMB575.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Users\Admin\AppData\Local\Temp\DEMC40.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMC40.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3880
        • C:\Users\Admin\AppData\Local\Temp\DEM62AD.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM62AD.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2788
          • C:\Users\Admin\AppData\Local\Temp\DEMB8EB.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMB8EB.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3464
            • C:\Users\Admin\AppData\Local\Temp\DEMF0A.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMF0A.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:324
              • C:\Users\Admin\AppData\Local\Temp\DEM6548.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM6548.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM62AD.exe
    Filesize

    15KB

    MD5

    389015384f81671edeb0553bf784b00f

    SHA1

    1953f62df62e78bdbf92b8a3879bad9c148a360a

    SHA256

    c5e67f1f4ccf1be2b7149444766782a1ea0388e75743ad850304f140f7105378

    SHA512

    74e3329777074e708d052f09d57f6954928054535b0dfc83d4643e7a0b629021ecc7557be003415d5e08c45c60124682f3aa21230b31215ce6f03c9f4f3b5ba2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM6548.exe
    Filesize

    15KB

    MD5

    290e1efb0b63c5c51fb3a79a867e4c1b

    SHA1

    4e24b883bde87509745b46a8f03513b7c073bb4c

    SHA256

    995a6f197f471203b4a5782d4b34db2e23199beabe4dd943317cc0f21577c490

    SHA512

    be2779a201cf3881f3c89b9aa8e3f5335ef835a88eb7b260cba4c111d57ed4b6d52ecf0c25aa686cd946a802f96a3352057655efb9918f31811fceaa1b3ea827

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB575.exe
    Filesize

    15KB

    MD5

    03258f39c24563dd3bd769b209497ca6

    SHA1

    466205126cffcc53faf8bf702da7028c002facca

    SHA256

    816a429f414eb22c1b93237cdb33e0b2bfef34e0e2ed97849878e15d470548a2

    SHA512

    f4e4347cdeed1aa827aa9c7692c6e7e3e4a8b71b93eaf14c18b8f58cc8217e9e0fb247aba0aece549f4304289d1f15ff8196764b3b3fe7de309f70b9745dac61

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB8EB.exe
    Filesize

    15KB

    MD5

    f248cd5f2efbeed4090b2bd9d37695b4

    SHA1

    b1c068f116fdfb4b079478c457a5b9d4fc86c83b

    SHA256

    f7c7e77442abf9a1f403405934cbadee7f99313577331f4ae1d97a0a1d4a761a

    SHA512

    618b1beac2d7283b2cd9e916d24d846e8bca6a162d1db683b65fc8d3ee5e7814202d05a73e594046412d2bc6fc8e3fd55f058f5f6a50486a2cbe9dcbe0b882c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMC40.exe
    Filesize

    15KB

    MD5

    a5dbbba1a7d80a56e1c521e55b7b26f4

    SHA1

    20b102d180b2d94c5fb54d22d80e2071d4b6ea88

    SHA256

    e64d58a175f43facc359d35e2d5263e27451e27623bed8aea711643fd7925368

    SHA512

    db8dc452d863f6c3c0ec25c6927f8416021d0e28fd62e48b54f2dc07b96cfb63b8647da95101c0ac067bb292b75a120b4274c49bccfe592e2569a325f050927e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMF0A.exe
    Filesize

    15KB

    MD5

    972a22b7e31e47fe85d3706629a83698

    SHA1

    ce73d7287329152c557f36b80b2b06913cac1895

    SHA256

    ec82a82998390c0146b99d3a02d51ce87bcbabbdf2a0e8db4a68aaa1e8e81dee

    SHA512

    f2ea013fe639f38bfbae25f6b3dc876fbbc937d0350aad58a5f57d4c9bf7702401cf4c7ebf00f6551a9c6a7ae011d6976318583efcb546ba1cca1a7636529c1e

    Download Submit