Overview

overview

7

Static

static

3

81c646d8dd...18.exe

windows7-x64

7

81c646d8dd...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-08-2024 21:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    81c646d8ddcefdd19ffc59ef544e347d_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    81c646d8ddcefdd19ffc59ef544e347d

  • SHA1

    7789ad718510327f5cd805596255efc3f60ca95a

  • SHA256

    20528dfc5de0de67868b776213f64340f1c2c24002d37a30c961f8ca6efb1b22

  • SHA512

    f8ca05b13405ad9ed2ad8f42c03a82ac5e5095f596897135d70d7b4c42b191fdbed45d92cddddee412d28b503f3f36ac451747904aec97fdf98c3a33ba65d579

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhZ:hDXWipuE+K3/SSHgxz

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\81c646d8ddcefdd19ffc59ef544e347d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\81c646d8ddcefdd19ffc59ef544e347d_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4088
    • C:\Users\Admin\AppData\Local\Temp\DEME501.exe
      "C:\Users\Admin\AppData\Local\Temp\DEME501.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4552
      • C:\Users\Admin\AppData\Local\Temp\DEM3BBC.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM3BBC.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4680
        • C:\Users\Admin\AppData\Local\Temp\DEM91CB.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM91CB.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4244
          • C:\Users\Admin\AppData\Local\Temp\DEME819.exe
            "C:\Users\Admin\AppData\Local\Temp\DEME819.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3712
            • C:\Users\Admin\AppData\Local\Temp\DEM3E96.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM3E96.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4344
              • C:\Users\Admin\AppData\Local\Temp\DEM94C4.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM94C4.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:3260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM3BBC.exe
    Filesize

    14KB

    MD5

    e1b19d91c29cefab81bdcde8d3cfccd6

    SHA1

    8e2070b53151ab9229ed48096798a36ddb35892a

    SHA256

    4605966be5089b735e606a3c0a5d999e2d154eabcc4b038cd8fd40b68b9b9aa8

    SHA512

    7822d31b3d6e1dd6025891b34fe86e63e0cdddac57e45affc79e37d2c992fb0a5cda38075c5bdc66d97b136a9a4e91da7635bb83a1aba987bfb6d25bf91d90e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM3E96.exe
    Filesize

    14KB

    MD5

    b2e808c6c889e38e7e371210e1ba27ad

    SHA1

    339d043a9055bf1092a0f8fbfc10595009e9e884

    SHA256

    3a8635132dde9a652fbbf911a6fec40ceec0f310784c474619eed89a8a71e029

    SHA512

    b84250434896dceef4d423375a9ac671c8b182f50d7ba21ca749fee6924b4d242af939a608d36923869f5d77b8bfcb9ebdded1ae60d1389fec96bec125a170ff

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM91CB.exe
    Filesize

    14KB

    MD5

    273ae10d32011909b8deec7088c97894

    SHA1

    ca61a0825a517292a3139d18fe15e0bdcc615ccd

    SHA256

    82042def786868b73d9745d09b40336a94dfbe38f77f70e8dc3c0d4c5d65742f

    SHA512

    b829f6623f8a4ef39fbf9551c80c850786ebd0045a7f0d5c5e6be2140663567fd6a6ba2ac948646a25a21da23cf56fdd8b6203d8e4232a95a9a5f18c359f5c1c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM94C4.exe
    Filesize

    14KB

    MD5

    a22899caf97860655b72561c8f868e41

    SHA1

    43d9ab47ce36ebe6194994c9c5fb250406ae1253

    SHA256

    89fd645dc450a7a433da11312c7452df2a266770a2b035bcbc37f19d5bc5c8ec

    SHA512

    b2e9d0e911049dafca808ab9123cfd7496b067e89380aaa2fc8aef7ca65a6f9865065b1cb0b2474be95843edebbebb7a95206bbf35d2602c90e7092b07e03aee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEME501.exe
    Filesize

    14KB

    MD5

    cb679c6c9446d571a64fd254da6c1acc

    SHA1

    03364702074c1e5bf92f229e1c74e6902ba833e7

    SHA256

    cb112c7068d3b280b2d7dd78f9826eb05599aef7c5ec3ed8dbf6bd260f770f7e

    SHA512

    3f0e37c0f0d364895349afcbc75ffe8617b4e3f984d95c6a3da308ad65423174c626282b5ccd923f3acf97b0945283872e98aab133cb0ac1e1753feb46f79c08

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEME819.exe
    Filesize

    14KB

    MD5

    4b4f54d0605cf61908ffd7af5d57d0f6

    SHA1

    c4b7e3b9cdc2ecc390bfaf9711e421a01a81fd31

    SHA256

    e25f7b4ad5b745149c1c45a9072e4f93c8238343e2378cda9e44acefd0ce2367

    SHA512

    a1ac59c7f7d0aae127597fe3e3ece4edb4726a82946ae6358b16c9631fe72f1de28311ece07eb29da9194c80aa7e6da5d93a703d3cda8f9c244a5e068f0e6a82

    Download Submit