Analysis

  • max time kernel
    150s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06/09/2024, 11:55

General

  • Target

    cf78e403ceca27efddf4c356f3662de3_JaffaCakes118.exe

  • Size

    124KB

  • MD5

    cf78e403ceca27efddf4c356f3662de3

  • SHA1

    72722ea93ced2dff189f2a2ae69c2f44a1104a03

  • SHA256

    7e72b0b65c253c7a41d00f7c5be5e89b772a8cb0703558f69e2ed54943a30356

  • SHA512

    043a6b4cdf26913b43d0a3b3fd19bd908be6694cf781cb4f70a5a0aeca5dcf81fe291d9f67db684ac1a6b1c010f1cc875e383d02562da83b53ab4b82142ccfcf

  • SSDEEP

    3072:aaAfUEiFRrQKGcNqnGrD6uvIepyJS6f1qreT:ahfiFRrQKGciwQJr

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf78e403ceca27efddf4c356f3662de3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cf78e403ceca27efddf4c356f3662de3_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4744
    • C:\Users\Admin\fiaugiw.exe
      "C:\Users\Admin\fiaugiw.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4800

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\fiaugiw.exe

    Filesize

    124KB

    MD5

    2aacfc3487d023573a07ff4601338968

    SHA1

    28bb2dd0343e824da90aa127b6c9dcb6c21c70cd

    SHA256

    9a9a54514388984353f62af9917d15c2ff12c8b9a4ee8392f6ac03c6912df24c

    SHA512

    cbeac35aee7ccc87d9deeb4852857105e78c835eaff49651a8fa3924394e1f45737861d1c6401c0f3a2f9836d8e13e7d822f0791482fcb377b0619a5f539e5c0