Overview

overview

7

Static

static

3

7238f67e8c...18.exe

windows7-x64

7

7238f67e8c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 02:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7238f67e8c5cd98b8967b55f761e61c5_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    7238f67e8c5cd98b8967b55f761e61c5

  • SHA1

    53a65e85416e764d13353d84d6e02c409ac72958

  • SHA256

    95fafe1940cc787c0ee93e6ab2590bbbb8e2f2f28d1e209984b5c29ca8abd5ba

  • SHA512

    8214b77b91f36d423fb0e6b97c565c2c7c7da10254af91373c0c7b9d056725dd1f8e4a1863e95ee130c22f1103528a6c1582b723ccb7c5474586461ddca6a84e

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhWg:hDXWipuE+K3/SSHgxcg

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7238f67e8c5cd98b8967b55f761e61c5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7238f67e8c5cd98b8967b55f761e61c5_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3544
    • C:\Users\Admin\AppData\Local\Temp\DEMC0CF.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMC0CF.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:64
      • C:\Users\Admin\AppData\Local\Temp\DEM1817.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM1817.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3804
        • C:\Users\Admin\AppData\Local\Temp\DEM6E84.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM6E84.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4892
          • C:\Users\Admin\AppData\Local\Temp\DEMC416.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMC416.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3492
            • C:\Users\Admin\AppData\Local\Temp\DEM1A83.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM1A83.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:468
              • C:\Users\Admin\AppData\Local\Temp\DEM70D1.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM70D1.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:4276

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\DEM1817.exe
          Filesize

          14KB

          MD5

          2fe72c09779503f22106a4c980710c9e

          SHA1

          9fc39626dadc783967e12e35ff0d99abbee774c0

          SHA256

          764597f1f7cfc962565e957bc7ca055bc0c4293f6b436c812b9fb4d578e532e4

          SHA512

          25c702555a754c334565761d973f286e7bc178657f66253971df56b0cd8e8d96369d972d676c499f2e501ab04ef25aa400e4389929607364ffdd4ffb40439dd2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\DEM1A83.exe
          Filesize

          14KB

          MD5

          6394bceb5fd1525bb55e4da85b4941de

          SHA1

          ca3f12e7270134410738e5ec8bdc19183bfee694

          SHA256

          db31edd251ed13df07a7a3ce3929282247d1160c15249962e4153d2fa21797ce

          SHA512

          00682427c1e0089da1997c2d680d65f90a9fc57801c58be4fc28a95954b13a3ce2386b0ad9fc26239fda4e2e5f16657d5d40a19326493062d110a58e756c5b98

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\DEM6E84.exe
          Filesize

          14KB

          MD5

          5f0bb42ffa52949eeab51c65b8970fad

          SHA1

          3e239f84b954484bc009bef5559a43c609dbe80b

          SHA256

          cbe71e18b9830caf2647833b152df1457085bd8db7019e10af868e1b8a89e47a

          SHA512

          24451a6d61fdce41bc753f674723c8ceddb212f97528ca34f2ebb818bb56ff8f7b28732085c54e734ef8ad67b461876c5e6a9534ea09cd7d1f189d24db6935a7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\DEM70D1.exe
          Filesize

          14KB

          MD5

          004d1df8bc400f9f8f509060891579b7

          SHA1

          39484810641f06fbb8cffef6d1e2512bfeda39f8

          SHA256

          fa30e22cbeb939dfed83d4fe35583103e648749252430082c1aee92060e09fb5

          SHA512

          b0a5caad56933e2892e4f264df2ffc0f26d3a08179e8cab81b38cdf7a724257aec8a2c575e57f0223b8f67451127dc91c74c94539c4e8fa1dbf13280ea09e284

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\DEMC0CF.exe
          Filesize

          14KB

          MD5

          751c4920c1b5922c120679d05b7935e9

          SHA1

          e78a7c4ef3d5b51a519880137d09c09fe57bd8b9

          SHA256

          d33ab5707b41842b29b4787376ec34f4ca441ce16ec003fd4be21769649305bb

          SHA512

          195c0795b45c9f381c9bbca420274e3ee8d477812b6e7253ae4ed5f2a842f8a1f5c2c757c28fe81b9b885d22916b07d2ad6126186b2cfd2cf24de9b50e8bf54d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\DEMC416.exe
          Filesize

          14KB

          MD5

          cb93d77ce03996b1063864d15014ff9b

          SHA1

          20303f96f4be3beb878a5dd68b4a8d3dffef185f

          SHA256

          172095b512958e1aa22023014f5a4b93074f87e435a8471d6c9f8670927af458

          SHA512

          db244d57f06a31a8a5e7df31384d8878eafd1b2a21aa925918c06f59e066199e5c906055c12342fbe7c63c8074aaa71c03d3bb46259be0ffe4b878c593825fce

          Download Submit