Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/08/2024, 21:09

General

  • Target

    8bfb6e867ecd0bf4e8ffa8f53fb9412b_JaffaCakes118.exe

  • Size

    948KB

  • MD5

    8bfb6e867ecd0bf4e8ffa8f53fb9412b

  • SHA1

    3c1e171600e37e0c412e09221182a20f217dd6f0

  • SHA256

    a80a01c26b117d0481e5a271c8e449a19b6e127cc4d40b2692c2f01e798c6dd2

  • SHA512

    0ea5e22b6c32e0dd0a8abec44f5e812b83c5b4533b7855e3d5cdbb27bf0847269bce902a34840ecda949b919169393c3270f1dc4cd2bb94da4e9424b8bf1b3ae

  • SSDEEP

    12288:7qmpplpGoGL3etQoMiXM8gxf/Sj4yToPwUDfW35/awKh/wL5/uK3aK4UKCZf38+N:T563ey8gZqj4yToPlv2V/DK7UKMkkeC

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry (2 TTPs, 1 IoC)

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry (3 TTPs, 3 IoCs)

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry (2 TTPs, 3 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (6 IoCs)
  • Suspicious use of WriteProcessMemory (5 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8bfb6e867ecd0bf4e8ffa8f53fb9412b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8bfb6e867ecd0bf4e8ffa8f53fb9412b_JaffaCakes118.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Users\Admin\AppData\Local\Temp\8bfb6e867ecd0bf4e8ffa8f53fb9412b_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\8bfb6e867ecd0bf4e8ffa8f53fb9412b_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4148

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • memory/2012-0-0x0000000000400000-0x00000000006B8000-memory.dmp

          Filesize

          2.7MB

        • memory/2012-2-0x00000000006D0000-0x00000000006E4000-memory.dmp

          Filesize

          80KB

        • memory/2012-14-0x0000000000400000-0x00000000006B8000-memory.dmp

          Filesize

          2.7MB

        • memory/2012-15-0x00000000006D0000-0x00000000006E4000-memory.dmp

          Filesize

          80KB

        • memory/4148-12-0x0000000000400000-0x00000000006B8000-memory.dmp

          Filesize

          2.7MB

        • memory/4148-17-0x0000000000400000-0x00000000006B8000-memory.dmp

          Filesize

          2.7MB

        • memory/4148-16-0x0000000000790000-0x00000000007A4000-memory.dmp

          Filesize

          80KB