Overview

overview

7

Static

static

3

b3158f350c...18.exe

windows7-x64

7

b3158f350c...18.exe

windows10-2004-x64

7

$TEMP/Bett...er.exe

windows7-x64

3

$TEMP/Bett...er.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2024, 10:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b3158f350c9aee57a980380fdb2dd4bc_JaffaCakes118.exe

  • Size

    154KB

  • MD5

    b3158f350c9aee57a980380fdb2dd4bc

  • SHA1

    b2b8b1abb81415120ceb131c3df711803c8ccff2

  • SHA256

    600a39d45062a6540fa202497c6a234fe6073aa3c2904b74ba8ba43077578966

  • SHA512

    7755e0836638f6e9b19939f65bc0388aef12779c25750140f5d30458148ec63ede87dfd397b4eb2fb0440cee1bcc6815048bef5ecbdd10295b36a3817c654e11

  • SSDEEP

    3072:S22ihA0m3BJP0AY1d8kXy3cdv/1mzbSWYlANu9yf:NA0m3D0AYj8kXR31mzmWYKOG

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b3158f350c9aee57a980380fdb2dd4bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b3158f350c9aee57a980380fdb2dd4bc_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3736
    • C:\Users\Admin\AppData\Local\Temp\BetterInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\BetterInstaller.exe" /affid "awcaaresgalaxy2" /id "aresgalaxybher" /name "Ares Galaxy"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:3152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\BetterInstaller.exe
    Filesize

    207KB

    MD5

    d79b88bab3231ebebd3c6505ab68ce56

    SHA1

    3222e8dab740ba1d640cc66a9cd36070969deb80

    SHA256

    d4032354c8ca3b93fd18414d6a7935bcecb18f25534b2259eeaf7d3081ec13ec

    SHA512

    b8afbd52e74d8611714a33bd80a907be8080195bd574ceb0aa8ce44520c9cf6c40ccce4a4db9be0808b8b5a6b7b0fee17ee42f9cca67d69152dd1f1d8ddd99a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\config.ini
    Filesize

    97B

    MD5

    9b4b4386fc25a98a036914a59a2fe625

    SHA1

    3e61e693e5ff21b8fc3e2d625586122036b5ffb6

    SHA256

    c04c3e57c8167c4dcdb3ad60d395dcb2d136df69b302f8c0d31bacede5b76136

    SHA512

    631205d81dcd5c92f6fe830b24fc5ca1f4e247ba7331d6e2417b8820dcf9eed013c2ba47808c4b434e402f33b139507c391ca2648d28633d7f7c2b77d147da28

    Download Submit

  • memory/3152-15-0x0000000001180000-0x0000000001181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3152-76-0x0000000001180000-0x0000000001181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3736-14-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download