Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/08/2024, 21:09

General

  • Target

    8bfb6e867ecd0bf4e8ffa8f53fb9412b_JaffaCakes118.exe

  • Size

    948KB

  • MD5

    8bfb6e867ecd0bf4e8ffa8f53fb9412b

  • SHA1

    3c1e171600e37e0c412e09221182a20f217dd6f0

  • SHA256

    a80a01c26b117d0481e5a271c8e449a19b6e127cc4d40b2692c2f01e798c6dd2

  • SHA512

    0ea5e22b6c32e0dd0a8abec44f5e812b83c5b4533b7855e3d5cdbb27bf0847269bce902a34840ecda949b919169393c3270f1dc4cd2bb94da4e9424b8bf1b3ae

  • SSDEEP

    12288:7qmpplpGoGL3etQoMiXM8gxf/Sj4yToPwUDfW35/awKh/wL5/uK3aK4UKCZf38+N:T563ey8gZqj4yToPlv2V/DK7UKMkkeC

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
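The four discovery signatures above (BIOS, connected drives, processor, system language) describe reads a sample performs to fingerprint a sandbox before showing its real behaviour. The script below is an added example, not part of this report and not the sample's own code: run on the analysis VM, it reads the conventional Windows registry locations for the same information and flags values a sample could match on. The report does not list the exact keys the sample queried, so these paths are an assumption based on the usual locations, and the marker list is illustrative rather than exhaustive.

```powershell
# Added example (not from the report): list the host values behind the four
# discovery signatures and flag strings that betray a virtualised sandbox.
# Registry paths are the standard ones (an assumption; the report does not
# name the keys the sample actually read).

# Substrings commonly used to recognise hypervisors. 'Virtual' is deliberately
# broad and will also match generic strings, so review flags by hand.
$vmMarkers = @('VMware', 'VirtualBox', 'VBOX', 'QEMU', 'Xen', 'Hyper-V',
               'Virtual', 'Bochs', 'Parallels')

function Test-Marker {
    # Print one label/value line and mark it FLAG when any marker matches.
    param([string]$Label, [string]$Value)
    $hit = $vmMarkers | Where-Object { $Value -and $Value -match [regex]::Escape($_) }
    $flag = if ($hit) { "FLAG ($($hit -join ','))" } else { 'ok' }
    '{0,-40} {1,-45} {2}' -f $Label, $Value, $flag
}

# 1. "Checks BIOS information in registry"
$bios = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS'
foreach ($name in 'SystemManufacturer', 'SystemProductName', 'BIOSVendor', 'BIOSVersion') {
    Test-Marker "BIOS\$name" $bios.$name
}

# 2. "Maps connected drives based on registry": Disk\Enum holds one value per
#    attached disk (named 0, 1, ...) with the vendor/product string of the drive.
$disk = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Disk\Enum'
foreach ($p in $disk.PSObject.Properties | Where-Object { $_.Name -match '^\d+$' }) {
    Test-Marker "Disk\Enum\$($p.Name)" $p.Value
}

# 3. "Checks processor information in registry"
$cpu = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
foreach ($name in 'ProcessorNameString', 'VendorIdentifier', 'Identifier') {
    Test-Marker "CentralProcessor\0\$name" $cpu.$name
}

# 4. "System Location Discovery: System Language Discovery": the installed UI
#    language and its LCID are what locale-gated samples compare against.
$ui = [System.Globalization.CultureInfo]::InstalledUICulture
'{0,-40} {1,-45} LCID 0x{2:X4}' -f 'InstalledUICulture', $ui.Name, $ui.LCID
```

Any line marked FLAG is a value this sample, or any similar one, could key on to bail out before running its payload; the fix is either to patch those values in the sandbox image or to have the sandbox return spoofed data for those keys. The language line is informational: locale-gated samples typically compare the LCID against a list of excluded regions, so an en-US image like the one used here (locale:en-us) is the common case, not the excluded one.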

Processes

  • C:\Users\Admin\AppData\Local\Temp\8bfb6e867ecd0bf4e8ffa8f53fb9412b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8bfb6e867ecd0bf4e8ffa8f53fb9412b_JaffaCakes118.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Users\Admin\AppData\Local\Temp\8bfb6e867ecd0bf4e8ffa8f53fb9412b_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\8bfb6e867ecd0bf4e8ffa8f53fb9412b_JaffaCakes118.exe"
      2⤵
        PID:1184

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\PCGWIN32.LI4

    Filesize

    528B

    MD5

    a5fac12e57ffd36638b2e01d4dcf3ef7

    SHA1

    4023fc1e0cc93835519a66ae148e6cc3b72efe72

    SHA256

    13ff5b78928991eca815b43ce11891b5af715c6975d47b623a95517520254dec

    SHA512

    eb082159931b57f4b68b9038cab7f16bd52fd7e9353031679abcb75ed7f48dffaf952865face08d5076ae382e51e15a4d1da5ed289c6ae88d57f0c66dce73c62

  • memory/1184-14-0x0000000000270000-0x0000000000284000-memory.dmp (Filesize 80KB)
  • memory/1184-13-0x0000000000400000-0x00000000006B8000-memory.dmp (Filesize 2.7MB)
  • memory/1184-10-0x0000000000400000-0x00000000006B8000-memory.dmp (Filesize 2.7MB)
  • memory/2876-8-0x0000000000400000-0x00000000006B8000-memory.dmp (Filesize 2.7MB)
  • memory/2876-9-0x0000000000220000-0x0000000000234000-memory.dmp (Filesize 80KB)
  • memory/2876-11-0x00000000027B0000-0x0000000002A68000-memory.dmp (Filesize 2.7MB)
  • memory/2876-16-0x0000000000220000-0x0000000000234000-memory.dmp (Filesize 80KB)
  • memory/2876-17-0x0000000000400000-0x00000000006B8000-memory.dmp (Filesize 2.7MB)