Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/08/2024, 21:46

General

  • Target

    bd46293e1dc0d63da88c3a151662e7ee_JaffaCakes118.exe

  • Size

    567KB

  • MD5

    bd46293e1dc0d63da88c3a151662e7ee

  • SHA1

    d24e2579d51f72395c63f1b58cc803908fd47b7a

  • SHA256

    ce5353d555db90731fa88b241f0cbca3af458243955de96c631b774280250e88

  • SHA512

    af562c720a679ac249aa035bf6bd92bf5633c354481f2f12ff3229e0aa4b157a259514fbfbe31deb98d719412f27b04b55fa2cd5377832a9feb1f5c426d765d2

  • SSDEEP

    12288:0PfUbGcThaP29kDD6iLf1QZ6A3wsPT1VqnBgGX7Ux8L4k7VWvM2q7f:0Pf9cThaekv6ixQZYk1gnBgGXvL4aVgK

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 7 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd46293e1dc0d63da88c3a151662e7ee_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bd46293e1dc0d63da88c3a151662e7ee_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Users\Admin\AppData\Local\Temp\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\irsetup.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4548
      • C:\Program Files (x86)\Srng\Srng.exe
        "C:\Program Files (x86)\Srng\Srng.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        PID:5820

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Program Files (x86)\Srng\Srng.exe

          Filesize

          224KB

          MD5

          adb0bce8e32c0ff1b720fc9e9a2ae2c4

          SHA1

          12b799fe1e03cea03367ba00bcb44e338fce5156

          SHA256

          8d9b21a2cfe835116e05aeae474b03a546f010f4b10ab991be4149d6cfc78b13

          SHA512

          d780c764749469b28e66f8c777f337fc2fe8d5c055d5b1c8ef972520f0d76d2d5d8bd8301baea32ec4db1d83f4afa122afbf5509fad2fe3edb15887e51be4ddc

        • C:\Program Files (x86)\ieshnv.ini

          Filesize

          17KB

          MD5

          20c61ffe29bf73f40abb855b8fb4cc84

          SHA1

          08ec4bd0eec92a9c3fe85b013c464bf93ea6a235

          SHA256

          e6031617b8677e5936f1673b1e669b7be7d082632410353df33eb009de0e03d3

          SHA512

          67a23974d3456e8f2f30057f054c7ebc5b78a3e5484d83e2c35e803870542b7db31e66f6669fd0918a3f6da2157372c4f4cab480e7b312f0129f02c91e239f45

        • C:\Users\Admin\AppData\Local\Temp\IRIMG1.BMP

          Filesize

          7KB

          MD5

          e29a24e189e95681bb41f73c16747fd8

          SHA1

          e9269bb9cb6f2b700fc78f92066f31b15a9c5c2a

          SHA256

          3973d354045be781eabf9114772fe2e5e96d1e557793de10c914d901b16e8c09

          SHA512

          4c6db25e04acb8349da29249f712b20c217d792e6d5fd40af9b398e2617d5168ef0afc2505a05b0833b90165d5e5eaf2e98d1821e855a99fc7833de52154ad94

        • C:\Users\Admin\AppData\Local\Temp\irsetup.dat

          Filesize

          35KB

          MD5

          f4cd73d49a4333bc49365e23f6bb2a95

          SHA1

          db4a052a894003e3aa87280295ede7bb43a39ec2

          SHA256

          27159615b411989303bc144e061cac29c1b09f76c382953323083cd9b3e74b96

          SHA512

          9204c4b06c2c11e4efcc3a15c3a7fc03ed62bc934358c3d84ce4ef9babe0025d5d71d878a3dbfae6b39befab8792236fe9ad5e3eead8f48c3861062c4beec796

        • C:\Users\Admin\AppData\Local\Temp\irsetup.exe

          Filesize

          720KB

          MD5

          456462905091db042141487fe030e3c9

          SHA1

          bb57b4850528c3c8d9bf159fb5b9f414ddc7d5d7

          SHA256

          a93dc5e28d74ef40dd5d694aff7fb5f24c27dac4b59adae008cfdc5ca65587b0

          SHA512

          fdd82c126189454352b44c756be06e3e93ee26a93b56d99c3eb5254cac3f6d6ed71556765b76e65bd75efad461972044ce829443c006fc0816a28f7b4493296f

        • C:\Users\Admin\AppData\Local\Temp\irsetup.ini

          Filesize

          119B

          MD5

          03bb733b500ef1f41487b6b313b875be

          SHA1

          d1cddbbc521936005614e37c50b2181fe17bffac

          SHA256

          2f126be279a3f4b5582861198004b94e0f51aac70cf1ea214b8476e4cb667e03

          SHA512

          36f3f88d96f8a66f8d4b2ce65773754b054a1e2c21259596c61d509ea878040bc3308ba34d3f772b1f2d79ee74851a6f398a08eac01fcb1a28ae125976d26c2c

        • C:\Users\Admin\AppData\Local\Temp\suf6lng.9

          Filesize

          15KB

          MD5

          cedffa2264d312a7ca515e64ff34b814

          SHA1

          3f2c492765f8e6f50ec8b0d3580a8b81f2fe108c

          SHA256

          b13b8d36a80294fb22f2e166a307f6dab26cef2b7f4be3067571731d7cdf424a

          SHA512

          3c42ba97bac9aefeec0c1190c9375893eafb8f230339b141a1fdacb51ff994f9d362988273a53144e689f90ef62dbee0a2063e49523d73ce55a6e72673f9b638