Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/07/2024, 06:50

General

  • Target

    72fefb8ec214def5a68ec0e2181f40ac_JaffaCakes118.exe

  • Size

    68KB

  • MD5

    72fefb8ec214def5a68ec0e2181f40ac

  • SHA1

    915d90573bc90398efe1b020cb6300bda6d9437d

  • SHA256

    6069e3c1adf56ab739b3d995e74d2eb8e069ce522623973af5168f39081602f3

  • SHA512

    fad99b182727eb25b29e20d40641873a428ef3837914a1cf5f9ba55a341cb2568405455c57333c769d78f0792d13b7df7edd96c35ebcf2930ea8b261d14c81ea

  • SSDEEP

    768:YcUliTd21x6Al+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:HUIxIQAcqOK3qowgnt1d

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72fefb8ec214def5a68ec0e2181f40ac_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\72fefb8ec214def5a68ec0e2181f40ac_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3936
    • C:\Users\Admin\Admin.exe
      "C:\Users\Admin\Admin.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:964

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\Admin.exe

    Filesize

    68KB

    MD5

    e1ca0f28fb0a4ad50029b53b36b6dcab

    SHA1

    4062e09dd6691d7e9c609bdcfc54e4b883d9b951

    SHA256

    9516a945cbf8181e2ad6d07e7a93d677f6f3843b3b6e9f29090885b27e1f61c8

    SHA512

    d64290b0e66159e6571b25db6361670690fefd7ac302acca688da6e6a102e6aa8d8edfbafe03a84ba73fcc4457fa817a68d4ca0c32fa6955e47862b6dce267bf

  • memory/964-33-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/3936-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB