Overview

overview

7

Static

static

7

bac6e19829...18.exe

windows7-x64

7

bac6e19829...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    31s
  • max time network
    43s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/08/2024, 07:09

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe

  • Size

    604KB

  • MD5

    bac6e19829565602957af9ad05caea1d

  • SHA1

    318771bc62247154a114eea473f21481a434ec04

  • SHA256

    c22472bfe3243d6eff9a1fde7a6beba09fc9f4772f098a6a9c0809a67c1c328a

  • SHA512

    82f4f1a55a55566a3cc6faa2852fcdf1dcac008befb1097f16a8784ea32270508e1155329fa76f51d42a62cdb7104a91377ecee287a08a9077200ea8a66c4a9c

  • SSDEEP

    12288:czjnJWbz1zM5DiintQ0kyfXs0qT6ATQQfkCTkLJI5HVX7frTp/NNY:czjngdWmin4qMT6GQCTk1I5H9frhNy

Score
7/10
discoveryupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 55 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:556
    • C:\Users\Admin\AppData\Local\Temp\7zS7CA2.tmp\setup.exe
      .\setup.exe
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1600
      • C:\Users\Admin\AppData\Local\Temp\SSESTART\Setup.exe
        "C:\Users\Admin\AppData\Local\Temp\SSESTART\Setup.exe" C:\Users\Admin\AppData\Local\Temp\7zS7CA2.tmp\SSEset.dat /BS
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:5056
        • C:\Users\Admin\AppData\Local\Temp\SSEAnimSupport.exe
          C:\Users\Admin\AppData\Local\Temp\SSEAnimSupport.exe C:\Windows\System32
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:3928

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7zS7CA2.tmp\Setup.exe
          Filesize

          356KB

          MD5

          d7573a4f9421963e3c0dee610e90ac26

          SHA1

          9938c4c56dde9d7b8f459eccc54882ae81d9e9c5

          SHA256

          934efb60472a741c4d3d0e632e3c40fc872e77d8add7c7a764a839c95f4a892b

          SHA512

          9e5409b8f5125490c0761e7aa16df77fd6aba6f0958af82829fb0e5a7ff1446533f4a6b6f379cbc81e8ca7b876010c497fdb13445fd21a490cc4b7fb69ec4289

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zS7CA2.tmp\_GUI\DMINTERCEPTING1680X1050.JPG
          Filesize

          197KB

          MD5

          1976dfd5a2c3c9bc025d461dcb25a924

          SHA1

          069bd0641610aff3c7759eca8f65fb2e277d232f

          SHA256

          d7ba5dc819c4d8a440fd4dd971071badf14c0e95cca4cdb3b35b553f0371be73

          SHA512

          8d1351292c442667b36955b7b6d6cac81f3d9224484599504c22980d152a47bd2fd147b86f3922adb6319d3f5c93b0b4debed3ff6c1c77c489be9e733ff88f03

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\SSEAnimSupport.exe
          Filesize

          68KB

          MD5

          2b0ae23dbad1e46c174418c08c2c8e85

          SHA1

          d96c7be5abddcb0e957548f7f0fc99d3d9c229ee

          SHA256

          0ba07c3db681f9c948a90926bceb6677cf6086fa885581625433df387a40c7cf

          SHA512

          70f74c3b320a8b8f4d6e8ea3abd9f7f080955bcb63dbcd09db864f160d7bbcce6ddddfb904073cc4b74f1045dd9a8e289ae239c29097888aff0533012f518b59

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\SSESTART\Setup.exe
          Filesize

          324KB

          MD5

          819f8e80e1642a6c7a32ec90e7b03a52

          SHA1

          eeb2c812023b41f9716f2e836578be0e7b86bdcf

          SHA256

          47b7252a6dad7e4f69b9e9d22ab0b17dad21cbf239476c3702409fc8aea8d773

          SHA512

          359d2e5f78ab95f25ad82b095c24b08fc379663fc3f9e279bc38974a8912a5dfca753105ac6d87872d7c13aea0c2228de4f3ae155c9eaca3e23ed2b000755a3a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\SSETEMP.GIF
          Filesize

          7KB

          MD5

          efcc6674f49e6cb07933cda8b3ba2afa

          SHA1

          64b7384a89d1a22cceb80a2010abd65766bd486b

          SHA256

          59140cddbd5724469cdd2c729f054c1eeeddd0e5d0cc634ef687362f241c7f81

          SHA512

          171c2c8f6e87e70dfd2187588c224a198d337dafe9e7389f4d23c4067054f869936fc4c62cbaf9978247c1cd5f63ad2dad1997cd1de47472d44c524d302937cc

          Download Submit

        • C:\Windows\SysWOW64\Gif89.dll
          Filesize

          43KB

          MD5

          fb00273cf7ce639c136853f3fc04b10c

          SHA1

          16e612d7a4f210e78426577cd77f349306ab018a

          SHA256

          d4916f5c35a94e87cef46a63b4f19fb842252e0e2857b7804c808c94926156e0

          SHA512

          5e4bc9ce74bf81171e4a7fc6168b0dfc50268ff0069549bbf7cd0d480df9882911f4a31183d8d6c0222bede39d7d3216ad4e8c553501c376eeb0abe454fce6a8

          Download Submit

        • memory/556-0-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/556-53-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/5056-27-0x0000000000400000-0x0000000000519000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/5056-46-0x0000000000400000-0x0000000000519000-memory.dmp

          Filesize

          1.1MB

          Download