Analysis

  • max time kernel
    134s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    23-08-2024 19:43

General

  • Target

    bcea3c98d62c936145eb118dcebcef60_JaffaCakes118.exe

  • Size

    43KB

  • MD5

    bcea3c98d62c936145eb118dcebcef60

  • SHA1

    042b9a11f23d4406846b9283f293d7c1f443f2d6

  • SHA256

    0b04fe457b3ba75d9106cd80120788726d2b74dac75d82548933debf6f9056da

  • SHA512

    fdc0c53eba4acaba71f0fdc0d37653147a9f6da4af2daf63c2d6f02bf2fb807ca6b362ddc1e99a1daafc0ab4c734920c004d60c48979733d6c373550004b5190

  • SSDEEP

    768:MHBOrTRmTSADtmn0BJY1QjQmqAaKk2r0ejzP/YeoxgZyS0QGuTS5ACgkDdUz912:MHBOrTRmTSABCsmArvwewS0QGj7Ddy2

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry (the user's GeoID under HKCU\Control Panel\International\Geo), likely for geofencing.

  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 4 IoCs)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 29 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (15 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\bcea3c98d62c936145eb118dcebcef60_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bcea3c98d62c936145eb118dcebcef60_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Checks computer location settings
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3500
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3788
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3788 CREDAT:17410 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4200
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\bcea3c98d62c936145eb118dcebcef60_JaffaCakes118.bat"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2736
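The process tree above shows two launch patterns worth turning into detection logic: cmd.exe starting Internet Explorer with -embedding (IE runs without a visible window, here under a parent that lives in the user's Temp directory), and cmd.exe /c executing a .bat dropped next to the sample. The following Python is an added example, not part of the sandbox report or of the sample: it runs two parent-chain rules over process-creation events constructed from the tree on this page. The event schema, the sample's own parent PID (1234) and the benign control event (PID 5000) are assumptions.

```python
"""Added example: flag the launch patterns from the process tree above.

Events are constructed inline from the tree on this page; the event schema,
the sample's own parent PID (1234) and the benign control event are assumptions.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str     # full path of the created process
    cmdline: str   # command line as logged


# Matches a path under a user's Temp directory (where the sample and its .bat live).
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# iexplore launched with -embedding: IE starts without a visible window.
EMBED_RE = re.compile(r"\biexplore(?:\.exe)?\b.*?\s-embedding\b", re.IGNORECASE)
# cmd /c "<path>.bat": capture the batch file path (quoted or not).
BAT_RE = re.compile(r'/c\s+"?([^"]+?\.bat)"?(?=\s|$)', re.IGNORECASE)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\bcea3c98d62c936145eb118dcebcef60_JaffaCakes118"

# Constructed from the tree on this page (PIDs 1968, 3500, 3788, 4200, 2736) plus
# one benign control (PID 5000, IE opened normally by the user) that must not fire.
SAMPLE_EVENTS = [
    ProcEvent(1968, 1234, SAMPLE + ".exe", f'"{SAMPLE}.exe"'),
    ProcEvent(3500, 1968, r"C:\Windows\SysWOW64\cmd.exe", "cmd /c start iexplore -embedding"),
    ProcEvent(3788, 3500, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" -embedding'),
    ProcEvent(4200, 3788, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3788 CREDAT:17410 /prefetch:2'),
    ProcEvent(2736, 1968, r"C:\Windows\SysWOW64\cmd.exe",
              f'C:\\Windows\\system32\\cmd.exe /c "{SAMPLE}.bat"'),
    ProcEvent(5000, 800, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" https://example.com'),
]


def ancestors(pid, by_pid):
    """Walk parent links from pid upward; stops at unknown parents or cycles."""
    chain, seen = [], {pid}
    cur = by_pid.get(pid)
    while cur is not None and cur.ppid not in seen:
        seen.add(cur.ppid)
        cur = by_pid.get(cur.ppid)
        if cur is not None:
            chain.append(cur)
    return chain


def detect(events):
    """Return (rule, pid) findings for the two patterns in the tree above."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        lineage = [e] + ancestors(e.pid, by_pid)
        launched_from_temp = any(TEMP_RE.search(p.image) for p in lineage)
        # Rule 1: IE started in -embedding mode with a Temp-resident ancestor.
        if EMBED_RE.search(e.cmdline) and launched_from_temp:
            findings.append(("ie_embedding_from_temp", e.pid))
        # Rule 2: cmd.exe executing a batch file that lives in Temp.
        m = BAT_RE.search(e.cmdline)
        if m and e.image.lower().endswith("cmd.exe") and TEMP_RE.search(m.group(1)):
            findings.append(("temp_batch_via_cmd", e.pid))
    return findings


if __name__ == "__main__":
    for rule, pid in detect(SAMPLE_EVENTS):
        print(f"{rule}: PID {pid}")
```

Rule 1 fires on both the cmd.exe that issues `start iexplore -embedding` (PID 3500) and the iexplore.exe it spawns (PID 3788); that is intentional, since a given log source may record only one of the two. The child content process (PID 4200, started with SCODEF/CREDAT) carries no -embedding switch and is not flagged on its own, and the control event with IE opened from a non-Temp parent stays silent.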

Network

MITRE ATT&CK Enterprise v15


Downloads

Note: the CryptnetUrlCache and INetCache entries below are cache files written by CryptoAPI and Internet Explorer during the run, not payloads dropped by the sample; the two entries written under the sample's Temp directory (the .bat that cmd.exe executes and gosA095.tmp) are the ones to hunt for.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    c7e3b23826b88f278d1e288a4470605e

    SHA1

    57dfb4622f47d230bb3b7de93a1233fe63a371d0

    SHA256

    8a4a36c919799e5e243666866a97a65df2744184d27fb070858e7391b806ace9

    SHA512

    caec881ca9294c6d5d6f35dd502c615459bd86abfc91c6695cff34b17b637d210e7bb456f5311a78cf01d55a76a994c602205bf8d0b4c30302e4ba7bab31e447

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    940f2b1235778966714b4371ec17a12f

    SHA1

    cc3f2bd1d41d303ccf428b079cbfd32fb23c34a4

    SHA256

    65929e4297855bdaba0c3cd87e7b43de4e6ce7cf6a531cb8c37893b8cbf647f4

    SHA512

    c13ed8ca2192893d579bf716c62122051b0c44f8a7c9f1298eecdb6b97577a82735088280af6c46ed0b338f15b7fa9616148cb21915987ae39007b81f0c337ec

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8WYVOD7\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\bcea3c98d62c936145eb118dcebcef60_JaffaCakes118.bat

    Filesize

    305B

    MD5

    fa62e68f80581d905035fd5b372b6389

    SHA1

    84f30e0a714070b38bf52166342f5758b67d7c7c

    SHA256

    a9d8b9ab68fb3b95f7dd9f4225a7957e362029228a040d6fb466e3e2b2861ec7

    SHA512

    c204e8d36ff7d6a5ad2c8770e999b73b01140c8287dc00352eeb47d7cb39bca44741b2e9d93768a20d1aaa2440726a691ee3b46f7602ed334d2ae57d5afeb51d

  • C:\Users\Admin\AppData\Local\Temp\gosA095.tmp

    Filesize

    31KB

    MD5

    aedf6f88ce7b0590257d35485e677782

    SHA1

    213dfc8ea5f166d5218fd6bd5fcc717d4aeda04d

    SHA256

    f1d708d278de2acb411b12671fdb9ce281738fef2a9171a3287f6616e25089e8

    SHA512

    a35fec4cdb1be8144f29dcb69607d6ad83489dd3cf53fa89787bc3d9a936807a909868eedd5899224f118e0df991d4300d94a9b4f61d01e99a23e388d8a38f4b