Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-08-2024 14:07

General

  • Target

    9eab3edfbf5c7c1cd7f01d67a4d8cff5_JaffaCakes118.exe

  • Size

    5.0MB

  • MD5

    9eab3edfbf5c7c1cd7f01d67a4d8cff5

  • SHA1

    2b67fbb0e6160374a686ce5e9eb8398fd3ee6dfc

  • SHA256

    32d845dc191a51365b007ea62a94b94630b68a464e9ed02367ee44d539a6952e

  • SHA512

    34fc89c8e2a148e04dd2544d4a4b62c60da1355fe061b2fc2d2bf91511632a74999de4e3fe2dad3030c3cbe7491b76ba3c6c7ff0f622de70335b138f1718df98

  • SSDEEP

    98304:1eMNaIfklPetXQi1GtdkEyV3MrYtaBApizVFy6efkLxK:rIIfYOXQjFy1MrYMWwohkVK

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with the UPX open-source packer or a modified UPX variant.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9eab3edfbf5c7c1cd7f01d67a4d8cff5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9eab3edfbf5c7c1cd7f01d67a4d8cff5_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4904
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Lanceur.vbs"
      2⤵
      • Checks computer location settings
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3032
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Extract.bat" "
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3332
        • C:\Users\Admin\AppData\Local\Temp\7za.exe
          .\7za.exe e .\WebPlayerTV.7z -pjesuisadmin -y
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4072
        • C:\Users\Admin\AppData\Local\Temp\Setup.exe
          .\Setup.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          PID:2180
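The process tree above is a staged unpacker: the submitted sample writes Lanceur.vbs, Extract.bat, 7za.exe and the password-protected archive WebPlayerTV.7z into the user's Temp directory, WScript runs the VBS, the VBS hands off to cmd.exe for the batch file, and the batch file extracts the archive with the inline password jesuisadmin before starting the dropped Setup.exe. The following is an added example, not code from the sandbox or from this report: it transcribes the five process records from the tree (the PIDs and command lines are the report's own; the parent PIDs are derived from the tree's nesting) and applies three detection heuristics a hunter would write for exactly this pattern. The rule names, the list of script hosts and archivers, and the user-writable path pattern are my own choices.

```python
"""Detection heuristics over a sandbox process tree (added example, not from the report)."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for the submitted sample, the root of the tree
    image: str            # full path of the executed image
    cmdline: str          # command line as recorded by the sandbox


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\9eab3edfbf5c7c1cd7f01d67a4d8cff5_JaffaCakes118.exe"

# Constructed from the report's process tree; PIDs and command lines are the report's,
# the ppid of each child is inferred from its nesting under the parent.
PROCESSES = [
    Proc(4904, None, SAMPLE, f'"{SAMPLE}"'),
    Proc(3032, 4904, r"C:\Windows\SysWOW64\WScript.exe",
         r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Lanceur.vbs"'),
    Proc(3332, 3032, r"C:\Windows\SysWOW64\cmd.exe",
         r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Extract.bat" "'),
    Proc(4072, 3332, r"C:\Users\Admin\AppData\Local\Temp\7za.exe",
         r".\7za.exe e .\WebPlayerTV.7z -pjesuisadmin -y"),
    Proc(2180, 3332, r"C:\Users\Admin\AppData\Local\Temp\Setup.exe",
         r".\Setup.exe"),
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
ARCHIVERS = {"7z.exe", "7za.exe", "7zr.exe", "winrar.exe", "rar.exe"}
# Directories a standard user can write to; installed software rarely runs from them.
USER_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|AppData\\Roaming|ProgramData|Downloads)\\", re.I)
# 7-Zip glues the password to the switch: -pSECRET or -p"SECRET"
SEVENZIP_PASSWORD = re.compile(r'(?:^|\s)-p"?([^\s"]+)')


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def build_tree(procs):
    return {p.pid: p for p in procs}


def lineage(tree, pid):
    """Image names from the root of the tree down to `pid`."""
    names = []
    cur = tree.get(pid)
    while cur is not None:
        names.append(image_name(cur.image))
        cur = tree.get(cur.ppid) if cur.ppid is not None else None
    return list(reversed(names))


def seven_zip_password(cmdline: str):
    """Return the inline 7-Zip password from a command line, or None if there is none."""
    m = SEVENZIP_PASSWORD.search(cmdline)
    return m.group(1) if m else None


def find_suspicious(procs):
    """Return (rule, pid, detail) triples for the behaviours shown in this report."""
    tree = build_tree(procs)
    findings = []
    for p in procs:
        name = image_name(p.image)
        parent = tree.get(p.ppid) if p.ppid is not None else None
        parent_name = image_name(parent.image) if parent else None

        # Rule 1: a script host (WScript/CScript/mshta) launching a command shell.
        if name in SHELLS and parent_name in SCRIPT_HOSTS:
            findings.append(("script_host_spawns_shell", p.pid, f"{parent_name} -> {name}"))

        # Rule 2: an archiver run from a user-writable directory with an inline password,
        # which keeps the payload opaque to static scanning until it is unpacked at runtime.
        if name in ARCHIVERS and USER_WRITABLE.search(p.image):
            pw = seven_zip_password(p.cmdline)
            if pw is not None:
                findings.append(("password_protected_extraction", p.pid, f"password={pw}"))

        # Rule 3: an executable under a user-writable path that descends from the submitted
        # sample, i.e. something dropped or unpacked during the run rather than the sample itself.
        if p.ppid is not None and USER_WRITABLE.search(p.image):
            findings.append(("dropped_exe_executed", p.pid, " -> ".join(lineage(tree, p.pid))))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in find_suspicious(PROCESSES):
        print(f"{rule:32} pid={pid:<5} {detail}")
```

Run against the records above, rule 1 fires on cmd.exe (PID 3332), rule 2 on 7za.exe (PID 4072) with the recovered password, and rule 3 on both 7za.exe and Setup.exe, which matches the report's "Executes dropped EXE 2 IoCs". The password itself is worth keeping as an indicator: it lets an analyst open WebPlayerTV.7z from the Downloads section without having to run the sample.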

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7za.exe

    Filesize

    574KB

    MD5

    42badc1d2f03a8b1e4875740d3d49336

    SHA1

    cee178da1fb05f99af7a3547093122893bd1eb46

    SHA256

    c136b1467d669a725478a6110ebaaab3cb88a3d389dfa688e06173c066b76fcf

    SHA512

    6bc519a7368ee6bd8c8f69f2d634dd18799b4ca31fbc284d2580ba625f3a88b6a52d2bc17bea0e75e63ca11c10356c47ee00c2c500294abcb5141424fc5dc71c

  • C:\Users\Admin\AppData\Local\Temp\Extract.bat

    Filesize

    87B

    MD5

    9495ff73014b8a17bd4798911ad097fa

    SHA1

    71b6db4d7e576cf8b1cbf93079397bc0c1ce46b2

    SHA256

    0a59275adf474e7164e14a7e622ecb93f3a1477958e6e1e0de6d7ae2c6913a33

    SHA512

    55062bb9381ac302367aeb43492613762434da730663891f577e050fcbc0993eaf19e96154adf4d669cb9587d8eef2a7ec96cb02b366db5d5c58b1eefe64ecd3

  • C:\Users\Admin\AppData\Local\Temp\Lanceur.vbs

    Filesize

    115B

    MD5

    67eb1322395d41dddc9045b4eef2309d

    SHA1

    b85b2332b9fd4ac03aec49a9291e90e8b96547a5

    SHA256

    56ddc657309aeab74ca42cf466deac992da8a0054830340ba839ffdf1d242be4

    SHA512

    de37b1358f639f6647e6ae99b6719a0ddf5e9b8f9e8ea33b6284ecac3d33650e9257a63697dcd5d79ee5ed2790ece0b3aca3332719f678ca89f3d4562b00603d

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe

    Filesize

    412KB

    MD5

    fd0204d6a31f46cab30a9daa9daf487d

    SHA1

    0ee6efda883e4b2bb198911b0689122accb423af

    SHA256

    0148bca9e5e0687bbca31054089e580e9bf83686e4609dbdad90f2c45da578ee

    SHA512

    28f937cca8e35ee26d5146dd23089c6b8f227bf31515289a7e748dcdf47fe3352504c550598663c9c7ae6cfa0e2c44f2006a1d544aa064eee45964652ef70203

  • C:\Users\Admin\AppData\Local\Temp\WebPlayerTV.7z

    Filesize

    4.6MB

    MD5

    3d0532b8cc5d4b02f8fdfbda0b0a4b3e

    SHA1

    add33747eaca866931e662df1327cbf80836425a

    SHA256

    f6e53da2b3f8539f4adeff6941858ed53522f24e9b7b89e220e19c4fcc13331e

    SHA512

    b8b9967a4c430c332cfa0901f9d4c1e459185a8c5ef6ca0459990e5c8fde35dc72cb9331dbc88072ba4182f2acca11375f4f12490682e5e605c02b773e176343

  • C:\Users\Admin\AppData\Local\Temp\config.ini

    Filesize

    383B

    MD5

    e48e0650aee7207a0b908d9830b0b487

    SHA1

    56d23ed45ebf1ec42914da69bdd5b890733744b2

    SHA256

    652034b9a3d29611ec91971a3f3d7e9438c0ed748f050df4329371ccf91da0ee

    SHA512

    c0ca42779a040e3aeaaf8d4f53d4ce17639dc82068d90d78830ba927f652c8127fca19321bddeaba321d9470d78892fa48d1d83dc9cebae1bdf88704fa0ae1cb

  • memory/2180-525-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

  • memory/2180-528-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB