Overview

overview

7

Static

static

3

b8d4f11324...18.exe

windows7-x64

7

b8d4f11324...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-08-2024 19:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8d4f113247f3f4990e2f23ca511e0f9_JaffaCakes118.exe

  • Size

    1000KB

  • MD5

    b8d4f113247f3f4990e2f23ca511e0f9

  • SHA1

    52ed48cbe8d3d2883934dc24f5e2b8b3757bdfd0

  • SHA256

    f42f01c1affcc8a2568aa00c96bd1a066c2871fff6342d70c46fa97f3e4b8944

  • SHA512

    f6d0024cf2b1684c8461a6f969b5dee4199e53d09a08186de80167f91af7f97f36914f264b2008654c2a32f55537c33b5c74b420f8c61e52c9e5c47afc552995

  • SSDEEP

    24576:usSJc5XFE9LZwei9/hkad9MiTgoZ95w+QIeh3THCKbjYJ:usi9Lxi/lgE95whI63DCqjk

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8d4f113247f3f4990e2f23ca511e0f9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b8d4f113247f3f4990e2f23ca511e0f9_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:912
    • C:\Users\Admin\AppData\Local\Temp\showflash.exe
      "C:\Users\Admin\AppData\Local\Temp\showflash.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3320
      • C:\Users\Admin\AppData\Roaming\taskhost.exe
        C:\Users\Admin\AppData\Roaming\taskhost.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1452
        • C:\Windows\SysWOW64\cmd.exe
          cmd.exe /A /C "cmd.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4856
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\showflash.exe
    Filesize

    3.2MB

    MD5

    4ba92ce0aabe86453b4aa62898ad4d4a

    SHA1

    bcecf0202708813d3797f909a2a1db8823c94315

    SHA256

    2c81c56dbf8dc2365f663c455bd1d50a422bfc11a34c9ffd39c94b0cc346c509

    SHA512

    f0dd8e96843cb5afd87444ebaf70cc3e6af2c3afd16fe551ac0876dbd4652d4c03d53d12780b423e24b94066b754c3be887c6771c2b3beb162cc97841ba175bd

    Download Submit

  • memory/1452-57-0x0000000002450000-0x0000000002460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1452-49-0x00000000022B0000-0x00000000022C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3320-36-0x0000000002690000-0x0000000002775000-memory.dmp

    Filesize

    916KB

    Download

  • memory/3320-28-0x00000000008A0000-0x00000000008B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3320-20-0x0000000000850000-0x0000000000860000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3320-12-0x0000000010000000-0x0000000010011000-memory.dmp

    Filesize

    68KB

    Download