Analysis

  • max time kernel
    132s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/08/2024, 04:19

General

  • Target

    add5bb2d2fe8682a4c06418264237c23_JaffaCakes118.exe

  • Size

    93KB

  • MD5

    add5bb2d2fe8682a4c06418264237c23

  • SHA1

    2ed74bff7a9689236e5769999dc3df617ab03fff

  • SHA256

    2e87159b9646f3de408e8044a8288e2e80cee031d8d34e39bb72490f67c92fe7

  • SHA512

    b5b072d7e206432b1962f8a90256d7d0493b9252938bbe36662f8905c7f28abf054e85287f22f6d4bf76bb50b6e1c79fd374ec0f3a1b0c1d49b21456af1b0f1a

  • SSDEEP

    1536:hw27BSppCLNbMWAq8FhfJlU2kzTqBUEcmGFEwx4YachU53rktPJk14NB:+27BSpMbTehfcqclWYachkrOJk1i

Score
8/10

Malware Config

Signatures

  • Disables RegEdit via registry modification 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

Looks up the country code configured in the registry, likely for geofencing.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies registry class 23 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\add5bb2d2fe8682a4c06418264237c23_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\add5bb2d2fe8682a4c06418264237c23_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\qbgwxowa.vbs"
      2⤵
      • Disables RegEdit via registry modification
      • Checks computer location settings
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2240
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c 1.bat
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3576
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s 1.reg
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Modifies Internet Explorer start page
          • Modifies registry class
          • Runs .reg file with regedit
          PID:952
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c a.bat
        3⤵
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:2956
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c b.bat
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4804
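The process tree above is the most useful part of this report for a defender: an SFX archive runs a VBS via WScript.exe, the script launches three cmd.exe instances on dropped .bat files, and one of those performs a silent registry import with regedit /s. The following is an added detection example written for this page, not code from the sandbox or from the sample. It replays the chain as constructed, Sysmon-style process-creation and file-creation events (the parent PID of the SFX executable, the explorer.exe/regedit.exe control events and the PID-to-file attribution are assumptions; the paths, command lines, child PIDs and SHA256 values are copied from the report) and flags the behaviours the report's signatures describe: a batch file spawned directly by a script host, a silent .reg import with a script host upstream, a file written into a system directory by a script host or cmd.exe, and a dropped file whose hash matches the report's Downloads list.

```python
"""Detection logic for the WScript -> cmd /c *.bat -> regedit /s *.reg chain.

Added example for this report; the event records below are constructed to mirror
the process tree and are not real telemetry. PIDs 1000 and 4000 and the benign
explorer.exe/regedit.exe control pair are assumptions.
"""
import re
from dataclasses import dataclass

# SHA256 values copied from the report's Downloads section.
KNOWN_BAD_SHA256 = {
    "2aef6a6594cecc92f53b837a20ed842ae2d72a8e9007d59a5ef7c0c7237f374b": "qbgwxowa.vbs",
    "069646a4a95dcd6acb1ea8fa97849bc7de7b89eea540f291afb9ad640f5108cc": "1.reg",
    "e53edd80e9f8017a62b8654c067b5e14e40a4bcfcd3de285cf6867b1a207764f": "Internet Explorer.url",
}

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass
class FileEvent:
    pid: int       # process that wrote the file
    path: str
    sha256: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ancestors(pid, procs):
    """Return the parent chain (nearest parent first) for pid, cycle-safe."""
    by_pid = {p.pid: p for p in procs}
    chain, seen = [], set()
    cur = by_pid.get(pid)
    while cur and cur.ppid in by_pid and cur.ppid not in seen:
        seen.add(cur.ppid)
        cur = by_pid[cur.ppid]
        chain.append(cur)
    return chain


def detect(procs, files):
    """Return (rule, pid, detail) tuples for every matching event."""
    alerts = []
    by_pid = {p.pid: p for p in procs}
    for p in procs:
        name = _basename(p.image)
        # regedit /s imports a .reg file silently; suspicious when a script host is upstream.
        if name == "regedit.exe" and re.search(r"(^|\s)/s(\s|$)", p.cmdline, re.I):
            upstream = {_basename(a.image) for a in ancestors(p.pid, procs)}
            if upstream & set(SCRIPT_HOSTS):
                alerts.append(("regedit_silent_import_from_script_host", p.pid, p.cmdline))
        # cmd /c <file>.bat launched directly by WScript/CScript.
        if name == "cmd.exe" and re.search(r"/c\s+\S+\.bat\b", p.cmdline, re.I):
            parent = by_pid.get(p.ppid)
            if parent and _basename(parent.image) in SCRIPT_HOSTS:
                alerts.append(("batch_spawned_by_script_host", p.pid, p.cmdline))
    for f in files:
        digest = f.sha256.lower()
        if digest in KNOWN_BAD_SHA256:
            alerts.append(("known_ioc_hash", f.pid, f"{f.path} ({KNOWN_BAD_SHA256[digest]})"))
        # Matches the "Drops file in System32 directory" signature on the a.bat cmd.exe.
        if "\\syswow64\\" in f.path.lower() or "\\system32\\" in f.path.lower():
            writer = by_pid.get(f.pid)
            if writer and _basename(writer.image) in SCRIPT_HOSTS + ("cmd.exe",):
                alerts.append(("script_drops_into_system_dir", f.pid, f.path))
    return alerts


# Constructed events mirroring the report's process tree (PPIDs 1000/4000 assumed).
SFX = r"C:\Users\Admin\AppData\Local\Temp\add5bb2d2fe8682a4c06418264237c23_JaffaCakes118.exe"
SAMPLE_PROCS = [
    ProcEvent(2776, 1000, SFX, f'"{SFX}"'),
    ProcEvent(2240, 2776, r"C:\Windows\SysWOW64\WScript.exe",
              r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\qbgwxowa.vbs"'),
    ProcEvent(3576, 2240, r"C:\Windows\SysWOW64\cmd.exe", r'"C:\Windows\System32\cmd.exe" /c 1.bat'),
    ProcEvent(952, 3576, r"C:\Windows\SysWOW64\regedit.exe", "regedit /s 1.reg"),
    ProcEvent(2956, 2240, r"C:\Windows\SysWOW64\cmd.exe", r'"C:\Windows\System32\cmd.exe" /c a.bat'),
    ProcEvent(4804, 2240, r"C:\Windows\SysWOW64\cmd.exe", r'"C:\Windows\System32\cmd.exe" /c b.bat'),
    # Benign control: interactive regedit from explorer must not fire.
    ProcEvent(4000, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(5000, 4000, r"C:\Windows\regedit.exe", "regedit.exe"),
]
SAMPLE_FILES = [
    FileEvent(2956, r"C:\WINDOWS\SysWOW64\Internet Explorer.url",
              "e53edd80e9f8017a62b8654c067b5e14e40a4bcfcd3de285cf6867b1a207764f"),
    FileEvent(2776, r"C:\Users\Admin\AppData\Local\Temp\RarSFX0\qbgwxowa.vbs",
              "2aef6a6594cecc92f53b837a20ed842ae2d72a8e9007d59a5ef7c0c7237f374b"),
]

if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_PROCS, SAMPLE_FILES):
        print(f"{rule:40} pid={pid:<5} {detail}")
```

The ancestry walk matters more than the exact image names: regedit.exe is a legitimate binary, and the interactive control event in the sample is deliberately left alone, while the same binary run with /s under a WScript.exe lineage is flagged. The hash rule is the weakest of the four, since a rebuilt SFX changes every digest, so in a real pipeline treat the chain rules as the primary signal and the hashes as confirmation.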

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.bat

    Filesize

    16B

    MD5

    19298fc2d69539b3e7a2646ad535348e

    SHA1

    0ed0cd723cffcd5d0e0dc8e432b1b6360ce054e5

    SHA256

    fad78afe6b9df2c02a4666413d0c4e4ee623bcd5ed8709352a34b0dfa6ced841

    SHA512

    6961e13a2cd835f879371f2e14f17b29218ce2b64d0ef8a5aa7eb86eb94afdc02d70e02d6cb6d59208a0aa2be31319283923a506b76f67e7b4f966bf506b7469

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.reg

    Filesize

    634B

    MD5

    7156ff7b56da5aa12df9778b5af61533

    SHA1

    a397c1ae6c9dbcc751d7c51a8dc0f2808fc46d4b

    SHA256

    069646a4a95dcd6acb1ea8fa97849bc7de7b89eea540f291afb9ad640f5108cc

    SHA512

    4f644e16e4fba56d221eb83c0ec4798c20ddf5bf34472d63038879b2374e88ebef83b66f6637dfc084573a0e58742785da9c359cb7a500b4992890aefec30181

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Internet Explorer.lnk

    Filesize

    668B

    MD5

    0d48010a1419fd5858427015741ee94e

    SHA1

    d9fe7a09cc8f7549a86122e368b518ebde38b25d

    SHA256

    36e1ec77e457dd470fff50d1ed58c1878124923c39db77e5efe5e4340f329c0f

    SHA512

    64bcdecff97e4956acf0c7d6327384e217c5cdcee909687b31dc0ed1a89180f1ada21a798dbc7d12480761cf855ee90e4da6a0b911b2fda163dc8ff00c727200

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\a.bat

    Filesize

    613B

    MD5

    00f92b3b32d6d12b058461f4065bc112

    SHA1

    236d18603a5bf0d460322f23d3537c1cf4e5361b

    SHA256

    6d9aac9ee437e2ad0403e63aeb6b5d0c9061ce32c8f2bef0ef58bea85a744119

    SHA512

    176bb2e0306d45742eb9d630cf3250294e40d358a48f0e6d5bc9c9f7de791e7aa11ba70033002f50fd21e2012f6fa2363a6f008c7ffdcc36af184d08f25c5aa6

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\b.bat

    Filesize

    356B

    MD5

    a91db1741e4ac9650a9ef83ea63d45c0

    SHA1

    67a748aa168fe2838ed3747dfc07ae03b270e513

    SHA256

    a963adaeb1b74bc0a31df13bed4f47f42bf7da013e96c40c551f9b02d7502418

    SHA512

    de26ad557fbfcf092f4543cf49ce739098b6d19cbbbaf90adc5d01f9f15a43c7c372eab1b789a7945b1afd1b3453b7e129a1b04e743bfb81acf769ded34df2be

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\qbgwxowa.vbs

    Filesize

    3KB

    MD5

    1e0b2773b0a058e14fe1cb5d671ae30f

    SHA1

    99465809e407c5816fd063e402a37bb69bb1a9f8

    SHA256

    2aef6a6594cecc92f53b837a20ed842ae2d72a8e9007d59a5ef7c0c7237f374b

    SHA512

    6045cb0afba4345601aa089aec1eac6b5003d38f733a39178988755bb5753c4720065d5c8a320ed5ac8a0258123aeaf93651fc32f5109fe537755cf780eb40f6

  • C:\WINDOWS\SysWOW64\Internet Explorer.url

    Filesize

    196B

    MD5

    c680c698f4bc0891debad5b0b18722e8

    SHA1

    3f84446a44219f7704a7e451262394909263b4f7

    SHA256

    e53edd80e9f8017a62b8654c067b5e14e40a4bcfcd3de285cf6867b1a207764f

    SHA512

    c4c4875c119db5480a49be0e4372f07ff7b1d40d8b31c21805a9bb4ceaff070de8a2b3eb5752ea35af6145d67be7b36e5baae5b127d246cb860e3d5e62fd68b5