Analysis
-
max time kernel
135s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
16-08-2024 16:38
General
-
Target
9f255a5fd8e9cbb1e8c2b1c88d436665_JaffaCakes118.exe
-
Size
386KB
-
MD5
9f255a5fd8e9cbb1e8c2b1c88d436665
-
SHA1
b1583d74bd8eba91a43de585e4c13fa142441efc
-
SHA256
25a7825a3bb8e1777dcaec1627d0030492091f053d77d660aa026a7e80b0ce0f
-
SHA512
fa77764dcffabf9ebd295ddb741de5de8c1d899f20943579eff8c0aab8d3f204a5835e993271b847335ee6188db5bc6e3504c1e9b3b5f5f0c8d6c7aead25e27a
-
SSDEEP
6144:uptmZ62NlgsWxhFkZpXIGWvDwYNSZZa2TjaFJ7eIbH661cdfFI6u:StmLb2hFko5NS3LTk7pvchu
Malware Config
Signatures
-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9f255a5fd8e9cbb1e8c2b1c88d436665_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\9f255a5fd8e9cbb1e8c2b1c88d436665_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exeC:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
84B
MD53a0c056fba2bbf42f9666d4fc3c900b3
SHA1e56d46d5969470e54228bcc9a6eb4c562aeec6a0
SHA256360c40d068ab4cda089db1fce7f4225bb915810b21bb9bf9e51b1beb49edfda5
SHA5128da0bac2aaea0f1a6ac4aebe9c252de96289d3f063a649df2ee774cbaeb961fa4163f0992f26fb620a1758d6d4bd88da20c90ee261f004c71e4a3b8e45f3e689
-
Filesize
386KB
MD59f255a5fd8e9cbb1e8c2b1c88d436665
SHA1b1583d74bd8eba91a43de585e4c13fa142441efc
SHA25625a7825a3bb8e1777dcaec1627d0030492091f053d77d660aa026a7e80b0ce0f
SHA512fa77764dcffabf9ebd295ddb741de5de8c1d899f20943579eff8c0aab8d3f204a5835e993271b847335ee6188db5bc6e3504c1e9b3b5f5f0c8d6c7aead25e27a
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
4KB
-
Filesize
9.6MB
-
Filesize
664KB
-
Filesize
72KB
-
Filesize
9.6MB
-
Filesize
9.6MB