Overview

overview

7

Static

static

3

a9f573f3e6...18.exe

windows7-x64

7

a9f573f3e6...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 06:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9f573f3e6cd023f7e7813eebb6edc26_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    a9f573f3e6cd023f7e7813eebb6edc26

  • SHA1

    0c0255c2d631a1b844f7f6366dbe596ef741aa8c

  • SHA256

    c9c3600ef6b80e527a85775a2e7622ea9aa0fae133fdf9712770b77b19e145b3

  • SHA512

    f165e5b57aa6b1452dc57a05eb3bbc98b74448fc32cbcc15d7cc22cd0595ebdd22734ed70a8b434d0d98653f6a71734da09c256196353a57b891c6b19b42cc8d

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYJGD:hDXWipuE+K3/SSHgxmwD

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9f573f3e6cd023f7e7813eebb6edc26_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a9f573f3e6cd023f7e7813eebb6edc26_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Users\Admin\AppData\Local\Temp\DEM8BF4.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM8BF4.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:316
      • C:\Users\Admin\AppData\Local\Temp\DEME290.exe
        "C:\Users\Admin\AppData\Local\Temp\DEME290.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3324
        • C:\Users\Admin\AppData\Local\Temp\DEM389F.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM389F.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2516
          • C:\Users\Admin\AppData\Local\Temp\DEM8E51.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM8E51.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3380
            • C:\Users\Admin\AppData\Local\Temp\DEME460.exe
              "C:\Users\Admin\AppData\Local\Temp\DEME460.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1060
              • C:\Users\Admin\AppData\Local\Temp\DEM3A11.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM3A11.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:3544

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM389F.exe
    Filesize

    14KB

    MD5

    10e52d47ad1723880e58498b4c0b3c44

    SHA1

    ffa65b9ac5e9fe48a92d3c6591434070e2407a31

    SHA256

    82567d3f36b77ff2e9a28aa1b48764e91a32de77bf4d5e68c29e4dad4526699d

    SHA512

    f0f9d094cd8b9b51e5493d611d07cbb9778ee44428667ca865458b24194e0052855f1eb238e902300b88ae3066fca3eadf5a97c09f9bcc0c4ecfe043f534cde5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM3A11.exe
    Filesize

    14KB

    MD5

    bb09aaa1d106c614fa867d8debdbe8e3

    SHA1

    d31d92da02c3f9e9a127e6e824546eb2bb3309d6

    SHA256

    d28c235ca742dd2d9a9344093513a73850bbe99594d3ce233504d870bcdccfb9

    SHA512

    a306ee4bd6610a5673fc5de87afc446ed23cab5b9b4d3466de90f53248a83f4abe27a15c2d4b92526fdbbca604752769933468591068c77e53a7640ec51635a0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM8BF4.exe
    Filesize

    14KB

    MD5

    8e18d2cd58b90d3c179d977d3c282fbe

    SHA1

    dd2beb4ed475ec41dac367c533d3b1418f0cf6ed

    SHA256

    fa9c868aa8644cca63271d8a01fe57a04ed51cdb7f046097e3baa2945e4d52e2

    SHA512

    3c2affdc38cde5ebffb99a822ce83ae63d67272f32298dd9a134c7b6e88c0943dff661579577660dbbba229c47fe28f41e678eec8394f29fc5223be6d4e515e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM8E51.exe
    Filesize

    14KB

    MD5

    395f6d503c4c1135c0985c88da03cf90

    SHA1

    4a3ca260ecfad4ffe8129413cf7cca8ed0d7aae0

    SHA256

    3952965d232102e96877d307523b12414119c9de573deba6ac4269240be3d54a

    SHA512

    d4cb92dbee5cd2fa1d3c1cfe73642e2f5fa2154147a9ff54e42e67caed1c6713964bed4f42b8fbd564c522804e76d55f0094f1f7fed2821021cd65302e28b99d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEME290.exe
    Filesize

    14KB

    MD5

    7d8eb974b0d6c480cf7a12dd417bd517

    SHA1

    811b4002c2badebd8f487560347d5f6f1fe8d059

    SHA256

    f501dfee6bc86bee985eb61ef9c43ee44747fa47fbe4b65a5864625766d270d1

    SHA512

    f8df2e340362687f3ef2bfefc04d555c79698e2ac151336ddd8be4c55e72a99ddf6a5ef7074a2c24945140d2de15937b3ca60de61b931bc5562d4ae560a9d064

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEME460.exe
    Filesize

    14KB

    MD5

    9d40a6bf6ee76405d165aeb8bc50ed17

    SHA1

    797adba10debf00abd4382461ab9ec82ac348d7a

    SHA256

    d2adc45ccd58eaace225efc1264fe6948b8effbe462292bc9ef20d87c37f8a91

    SHA512

    6ac2ec7dce32fa49d16407d2aea7c4b9b2da4777a99a5b1c35814958b756b8cf0edef08d68646b081a10e8e83734b0674d48c0a5560b2bcd4f189a6cf6dbea5e

    Download Submit