Overview

overview

7

Static

static

3

a513d8a3ea...18.exe

windows7-x64

7

a513d8a3ea...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-08-2024 02:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a513d8a3ea9691035cdbbbe24ca0fa0e_JaffaCakes118.exe

  • Size

    164KB

  • MD5

    a513d8a3ea9691035cdbbbe24ca0fa0e

  • SHA1

    64dadf3fb94f9e807a698dbfe69026abe79efe8c

  • SHA256

    04aacf70b8fa070c081be97bdfb4bf96fde07de6dd77efa24792dfb143e55d77

  • SHA512

    cb2a5d0f3086efb05d22bcdbf69b348c29440511068b9fd91c367c371288809281115858afc1cee3baa2a9989d7d4602a774ffd7a7a09865a10cf00165fed732

  • SSDEEP

    3072:dkzPTFRpCd8su3LW7YBo5JvvR0EGwfsnPV:duBnCd8s6LRBofvR0EhK

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a513d8a3ea9691035cdbbbe24ca0fa0e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a513d8a3ea9691035cdbbbe24ca0fa0e_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4168
    • C:\Users\Admin\AppData\Local\Temp\mmxp2passion.exe
      "C:\Users\Admin\AppData\Local\Temp\mmxp2passion.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:3184
    • C:\Users\Admin\AppData\Local\Temp\eltfuntarg.exe
      "C:\Users\Admin\AppData\Local\Temp\eltfuntarg.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\eltfuntarg.exe
    Filesize

    65KB

    MD5

    ad2703fdd0d2f1c21b32e1ffce22bde5

    SHA1

    fc9499bbb31bb0b387677763fb85f41e73f13a21

    SHA256

    771a9b16ff1af5df7bc25de1da25c4201e522a3b2abf8883c617884af2f3176b

    SHA512

    50bfb10b1ebb0f0b35723f92ba10614c094777da9ca8566b65663c73e5ca72ae9707e57f5c7e7d718554079614e5210b5fb4b7a4fcc8349ab59c190d5c6c0d1c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mmxp2passion.exe
    Filesize

    65KB

    MD5

    6fda70effe53d09b7426c669f48a6703

    SHA1

    cc5c52dcaa2d6954abea796ad2e427e895315754

    SHA256

    d90a14bf769ba77ed2acc65922a0637eddabec6cf88aaac4ecfaca39bd80ff32

    SHA512

    083df659bbc2bbd6da80bd5b2a742696410656c5af6baa15d7985038d9ec6916c8fa24ae352283498accd026cf6b09d9e09071d20bd7eff57d4ebe504a172cdc

    Download Submit