Analysis

  • max time kernel
    134s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-08-2024 15:32

General

  • Target

    b82d1cff5aa85ebd804d927d80497198_JaffaCakes118.exe

  • Size

    383KB

  • MD5

    b82d1cff5aa85ebd804d927d80497198

  • SHA1

    fbedddc09a4289f7e71234a34994523d19dee6c5

  • SHA256

    bf6701b1b532beb1c319bad6e58060546a0d3a5ec3e37e614d1044783337199c

  • SHA512

    44f757b8b352f39bcc1b72f324a15a0e823f1f6d77554a9060a05e3bdc8824452a1cc38e099fd2b73132bcd4264c04117be5f27ec85e271ad6ed69e1d788864a

  • SSDEEP

    6144:oo/MZP+H/3L56PEUzduvxw3gy8nQ7I2ToIk4ou1zCIufyRd1mJJ4HdRpyjsZ8Bz7:pE2HDGUvnu4You1nLRrY27pp

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b82d1cff5aa85ebd804d927d80497198_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b82d1cff5aa85ebd804d927d80497198_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\wninstal.bat
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3604
  • C:\Windows\ddgop.exe
    C:\Windows\ddgop.exe
    1⤵
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1876
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:1504

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\ddgop.exe

      Filesize

      383KB

      MD5

      b82d1cff5aa85ebd804d927d80497198

      SHA1

      fbedddc09a4289f7e71234a34994523d19dee6c5

      SHA256

      bf6701b1b532beb1c319bad6e58060546a0d3a5ec3e37e614d1044783337199c

      SHA512

      44f757b8b352f39bcc1b72f324a15a0e823f1f6d77554a9060a05e3bdc8824452a1cc38e099fd2b73132bcd4264c04117be5f27ec85e271ad6ed69e1d788864a

    • C:\Windows\wninstal.bat

      Filesize

      218B

      MD5

      343b12223d2e03162a5334cce0a79d43

      SHA1

      f6c83adf3109dad858627b885b10bdea3822cdd1

      SHA256

      02af40c65ae92b280154b63e719af157aa27e475ddac5d9c66e912c49d6ce39c

      SHA512

      ac47008f9caa4f1d0cda934c6a6014e5a0054d215d32107980e6b1d2d583d26ce6031a051b61e31959d90af0533036a98724016ed6b10a2e66bd921c39ce7be5

    • memory/1624-0-0x0000000002160000-0x0000000002161000-memory.dmp

      Filesize

      4KB

    • memory/1624-8-0x0000000000400000-0x00000000004CA200-memory.dmp

      Filesize

      808KB

    • memory/1876-5-0x0000000000E00000-0x0000000000E01000-memory.dmp

      Filesize

      4KB

    • memory/1876-10-0x0000000000400000-0x00000000004CA200-memory.dmp

      Filesize

      808KB