Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    23-08-2024 21:18

General

  • Target

    bd31b715240055695736145ea1f4e183_JaffaCakes118.exe

  • Size

    89KB

  • MD5

    bd31b715240055695736145ea1f4e183

  • SHA1

    7ed9549c82d9770ffc3924010e54e0fc7351c190

  • SHA256

    57f57718c7733628f1d3ac66db4d2d1815fd43982177ea869db955a17e80f530

  • SHA512

    3e78556cce4014e12910e8d2d042de5348406589281038c7e7ebd59f6c402261d90784f1dd2dfc9495f1e803cbcab9d00a8917be2e257563f1f67961da5fc603

  • SSDEEP

    1536:LQQ2aTmzPfYPZrk5SORqgBATkL+Z2AQp5EQLTihQ90:LQQ2aS7udiXqgBo++Z2x5EQuQ90

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely used as a geofence.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 5 IoCs)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings (1 TTP, 45 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (14 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd31b715240055695736145ea1f4e183_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bd31b715240055695736145ea1f4e183_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~9172.Bat "C:\Users\Admin\AppData\Local\Temp\bd31b715240055695736145ea1f4e183_JaffaCakes118.exe"
      2⤵
      • Checks computer location settings
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1504
      • C:\Windows\SysWOW64\reg.exe
        REG ADD "hkcu\Software\AUDITION\Thailand" /v "VERSION" /t reg_dword /d "~0,4" /f
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3984
      • C:\Windows\SysWOW64\reg.exe
        REG ADD "hkcu\Software\AUDITION\Thailand" /v "PATH" /d "C:\Users\Admin\AppData\Local\Temp" /f
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2816
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" "http://audition.playpark.com/"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3792
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3792 CREDAT:17410 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3648
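
The process tree above (an executable in %TEMP% running a dropped batch file via cmd.exe, two reg.exe writes under HKCU\Software\AUDITION\Thailand, and Internet Explorer opened to a URL from that batch) maps directly onto host-based detection logic. The Python below is an added example, not part of the sandbox report, that runs such rules over constructed Sysmon Event ID 1-style process-creation records mirroring this tree; the explorer.exe parent of the sample and the benign reg.exe control event at the end are assumptions, as the page shows neither. One detail worth its own rule: the first reg.exe call passes the literal "~0,4" as REG_DWORD data, which is not a valid DWORD literal for reg.exe (it takes decimal or 0x-prefixed hex), so that write most likely failed. An unexpanded cmd substring expression in the batch is one plausible cause, but the contents of ~9172.Bat are not on this page.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed Sysmon Event ID 1-style records modelled on the process tree in this
# report. Hand-written sample data, not logs exported from the sandbox; the
# explorer.exe parent of the sample and the final benign control event are assumptions.
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\bd31b715240055695736145ea1f4e183_JaffaCakes118.exe"

EVENTS: List[Dict] = [
    {"pid": 2408, "ppid": 1000, "image": SAMPLE, "cmdline": f'"{SAMPLE}"',
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 1504, "ppid": 2408, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": f'cmd.exe /c {TEMP}\\~9172.Bat "{SAMPLE}"', "parent_image": SAMPLE},
    {"pid": 3984, "ppid": 1504, "image": r"C:\Windows\SysWOW64\reg.exe",
     "cmdline": r'REG ADD "hkcu\Software\AUDITION\Thailand" /v "VERSION" /t reg_dword /d "~0,4" /f',
     "parent_image": r"C:\Windows\SysWOW64\cmd.exe"},
    {"pid": 2816, "ppid": 1504, "image": r"C:\Windows\SysWOW64\reg.exe",
     "cmdline": r'REG ADD "hkcu\Software\AUDITION\Thailand" /v "PATH" /d "C:\Users\Admin\AppData\Local\Temp" /f',
     "parent_image": r"C:\Windows\SysWOW64\cmd.exe"},
    {"pid": 3792, "ppid": 1504, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" "http://audition.playpark.com/"',
     "parent_image": r"C:\Windows\SysWOW64\cmd.exe"},
    # Assumed benign control: an administrator writing a numeric DWORD under another key.
    {"pid": 4100, "ppid": 900, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg add "HKCU\Software\Contoso\App" /v Level /t REG_DWORD /d 0x10 /f',
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')
# reg.exe accepts REG_DWORD data as decimal or 0x-prefixed hex.
DWORD_LITERAL = re.compile(r"^(0x[0-9a-fA-F]+|[0-9]+)$")


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, honouring double quotes.
    Simplified: no escaped quotes, which reg.exe and cmd.exe /c lines rarely carry."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def parse_reg_add(cmdline: str) -> Optional[Tuple[str, Optional[str], str, Optional[str]]]:
    """Return (key, value_name, value_type, data) for a `reg add` command line, else None.
    The key is lower-cased with HKEY_CURRENT_USER normalised to hkcu; the type
    defaults to REG_SZ when /t is absent, as reg.exe does."""
    toks = tokenize(cmdline)
    if len(toks) < 3:
        return None
    exe = toks[0].rsplit("\\", 1)[-1].lower()
    if exe not in ("reg", "reg.exe") or toks[1].lower() != "add":
        return None
    key = toks[2].lower().replace("hkey_current_user", "hkcu")
    name, vtype, data = None, "REG_SZ", None
    i = 3
    while i + 1 < len(toks):
        flag = toks[i].lower()
        if flag == "/v":
            name = toks[i + 1]
        elif flag == "/t":
            vtype = toks[i + 1].upper()
        elif flag == "/d":
            data = toks[i + 1]
        else:
            i += 1
            continue
        i += 2
    return key, name, vtype, data


def under_temp(path: str) -> bool:
    """True for anything under the user's %TEMP% (AppData\\Local\\Temp)."""
    return "\\appdata\\local\\temp\\" in path.lower()


def detect(events: List[Dict]) -> List[Tuple[str, int]]:
    """Apply the four rules and return (rule_name, pid) pairs in event order."""
    hits: List[Tuple[str, int]] = []
    for ev in events:
        image, parent = ev["image"].lower(), ev["parent_image"].lower()
        toks = tokenize(ev["cmdline"])
        pid = ev["pid"]
        # Rule 1: an executable in %TEMP% runs cmd.exe on a .bat that also lives in %TEMP%.
        if image.endswith("\\cmd.exe") and under_temp(parent) and any(
            t.lower().endswith(".bat") and under_temp(t) for t in toks
        ):
            hits.append(("temp_exe_runs_temp_batch", pid))
        reg = parse_reg_add(ev["cmdline"])
        if reg is not None:
            key, _name, vtype, data = reg
            # Rule 2: any write under the HKCU key this sample creates.
            if key.startswith("hkcu\\software\\audition\\"):
                hits.append(("reg_add_audition_key", pid))
            # Rule 3: REG_DWORD data that is not a numeric literal (here "~0,4").
            if vtype == "REG_DWORD" and data is not None and not DWORD_LITERAL.match(data):
                hits.append(("reg_dword_non_numeric", pid))
        # Rule 4: a browser launched by cmd.exe with a URL on its command line.
        if image.endswith("\\iexplore.exe") and parent.endswith("\\cmd.exe") and any(
            t.lower().startswith(("http://", "https://")) for t in toks[1:]
        ):
            hits.append(("cmd_opens_browser_url", pid))
    return hits


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule:28s} pid={pid}")
```

Run against the constructed events, every process in the tree except the top-level sample produces at least one hit, the reg.exe VERSION write produces two (key match plus the non-numeric DWORD), and the benign control event produces none. Rules 1 and 4 are generic and portable to a SIEM as-is; rule 2 is specific to this sample's registry key and is the one to treat as an IoC rather than a behaviour.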

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    c7e3b23826b88f278d1e288a4470605e

    SHA1

    57dfb4622f47d230bb3b7de93a1233fe63a371d0

    SHA256

    8a4a36c919799e5e243666866a97a65df2744184d27fb070858e7391b806ace9

    SHA512

    caec881ca9294c6d5d6f35dd502c615459bd86abfc91c6695cff34b17b637d210e7bb456f5311a78cf01d55a76a994c602205bf8d0b4c30302e4ba7bab31e447

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    863b5a0f26ae27e35c92ac9c874332a3

    SHA1

    43e10d990eba0ae785d539a56e48a17683dd3b0c

    SHA256

    c3e5befbb3b6c27235c6367fc7fb421de9b09728aef5c9ebd96df1bfcbe1fc09

    SHA512

    357c606184da8b555cd66846493764c9c2aa67f7320a3e5f30bd6d041a35c083ec483c40794b4523ab742fec1ab1d924647d9535fa6743029079acb814660dba

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver1037.tmp

    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\uoyvico\imagestore.dat

    Filesize

    3KB

    MD5

    b1fb0026114f8cb487a3e0bfb189a1ba

    SHA1

    d39db63b7a92c610094f6cbdd96f82884e0140eb

    SHA256

    8d03165e55ff3a848aabdd6a4dd241e58837e6b673c49db9e265025839760607

    SHA512

    5e66d553feba019dc0c9d2011b7332ff9b0bcba6a9ce104dae1d25ef556db4210b9980a30b91ffed5a35b898fc133acf9f30218a5e7f336683edf2e803105f3d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F1EZZCYM\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\T1CTRFUW\au-fav[1].png

    Filesize

    3KB

    MD5

    5acb81bfda3799da7127c814e522dcab

    SHA1

    5bb7d8eb39d8371453a8dcd6d17463c24e13bc27

    SHA256

    ec331be9d100dfed798d6a25a314d579428293af90dd71b209dcfd5d7718032f

    SHA512

    eb8be3640960ffb7d20524d3eadd3db9b13243d58af485d9ec870f175bfef37e7b01d108c0f5c54c8b93a396cc741119358b0f9ec6b4a3d45cca4b60c0a9e11e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\T1CTRFUW\mini-icon[1].png

    Filesize

    18KB

    MD5

    5a125c9608fd84c047490e8580c9949d

    SHA1

    057bd9c2d6badfcd1d4d5e4c71dab8cf13fe238c

    SHA256

    db9eea68f3141f914b57fbeb69906c2a256934e7370ad47b5f28560b336d0e49

    SHA512

    1946c385f1f040ace66b6508f15f93ef69a5603b1882173c242b189ea97a08ad53bb1e017cf638f4cdb25432051d58165795540a4f0bd5ab023c97554330910a

  • C:\Users\Admin\AppData\Local\Temp\~9172.Bat

    Filesize

    442B

    MD5

    d0a1cc95b8f103f97de934b2e98f380e

    SHA1

    b8a1164fe131523e3f9dc71929f6dbfc9fc04ba2

    SHA256

    9bae3024b2704d5196c2897fd15a87131357e85bfe1f081173d43b4794b41686

    SHA512

    e441d99236b58bee03f7eb7801b0de884cfda0aa9d57dd12eb617e177621f0e8c1aeb1301fbfea332ed0517680de236c620f31f37853ff6c8189c2fe9c89ed0b

  • memory/2408-3-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB