Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/08/2024, 05:36

General

  • Target

    a15f260e444b3483e2f6032a3eab6831_JaffaCakes118.exe

  • Size

    68KB

  • MD5

    a15f260e444b3483e2f6032a3eab6831

  • SHA1

    836e4e34ee9f1b0d3be1852d13aaed1544953dc9

  • SHA256

    dbec1cd74d0edf8e8dca8346a0ef5240429c2e7a24cf548a2ebc8840ca834025

  • SHA512

    ff76b6bb2d3f7090ef47e3d0327a0ee82a48745d2b4de88150d0cc6b385f90c97336bac1d377562b765288e34f0ad9f00c6227402e1280fe90a768c408b67f33

  • SSDEEP

    1536:wkY8rF6Fjs2Buk40uJ8JFse3r/FQLTIof8fOD:gaF6FISxuJ8J+UWD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a15f260e444b3483e2f6032a3eab6831_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a15f260e444b3483e2f6032a3eab6831_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:892
    • C:\Windows\temp\1\a15f260e444b3483e2f6032a3eab6831_JaffaCakes118.exe
      C:\Windows\temp\1\a15f260e444b3483e2f6032a3eab6831_JaffaCakes118.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4004
      • C:\Users\Admin\AppData\Local\Temp\2005-06-23\ebaylink.exe
        C:\Users\Admin\AppData\Local\Temp\2005-06-23\ebaylink.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        PID:4052
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\_utee.bat
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3556

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\2005-06-23\ebaylink.exe

          Filesize

          35KB

          MD5

          8f23a2d2e6dcc3a3a61a5a0766b8daa2

          SHA1

          3648c6e44bda3607f6da965e185aa33095253fc0

          SHA256

          aa2b75b3c5f2bd4b73976ec91921e03789aeb0d39d06684725509ba0912edc63

          SHA512

          b9c293c22c2917464d89cb26d6faeed037be380ea95a073c2f00a7cbccd72b87b5285acf87faad9f172d90560d28b36592da53fe7a5df607be80b5f42e5a2e89

        • C:\Users\Admin\AppData\Local\Temp\2005-06-23\ebaylink.ini

          Filesize

          1KB

          MD5

          ad24e4fe1cc8637d76770c0406660b8e

          SHA1

          50ff51fa47c8bfa1d7af29f557d1e6bc444b36dc

          SHA256

          4d36bca6a82a03bcc43fd51f951e1171703238939fff39f9f549e05e099e83f8

          SHA512

          c7497126a350b87cf91e72002d2e43160a739f79c2dcb85a61f35dc5544a786abca3a6a1835b262b33f056a43244aee2076ccdb82bd754a7d7699b008a512f84

        • C:\Users\Admin\AppData\Local\Temp\_utee.bat

          Filesize

          212B

          MD5

          cd8ca9c5c361c9771e4d8886521df9e1

          SHA1

          987bb3793ae78650697a9ae1974c1c8f982e8109

          SHA256

          945488a27929f401bbe4f7442af1f116b39673a5c8068b72a9e9416d1e94867f

          SHA512

          df9e41bb5cb107477cad98d6d5ba5f7dbe5256c8d3898f270b2469c3d55646d65ca61c54232e9a0887bd195d2678c5110f3720503dabafa88709a5e61461eb62

        • C:\Windows\Temp\1\a15f260e444b3483e2f6032a3eab6831_JaffaCakes118.exe

          Filesize

          51KB

          MD5

          34d0964e5953760a6640e76d8c611ff6

          SHA1

          17768ff1bff5b520d13b29e48d359742a43ee4b5

          SHA256

          88020a96efbc5d236cc0cce747d743e13b49c3dc06afe303cedbc18ff8ae21dc

          SHA512

          9e6e4756de2e5a8b3886766fc5568a029af93e8e8a86d1b9c5b553162f5c71c31ddb99202aa17fe441cac30a437048cca11665df3bd358057a80054889c7a218