Analysis

  • max time kernel
    92s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/09/2024, 04:32

General

  • Target

    d38bd25958ef03023922b69ded4c4d94_JaffaCakes118.exe

  • Size

    347KB

  • MD5

    d38bd25958ef03023922b69ded4c4d94

  • SHA1

    2a426d8556768b7a83b71f17e32ca4cdaa5a1034

  • SHA256

    c0a8580cb4cd5586fdd1d7c78beea9eee1909ced7fb24afdecea4f9d43139126

  • SHA512

    b459d1fbe8605c68d600759919655cb5ef2446db189b9396d31ea73a0a2fd24b7c04b42379bdebe3729e520b5c99e713f0902ae15d04dbfa2ab1432aa66c2ff9

  • SSDEEP

    6144:85O8s31cy0QeVTG0SdBBMrSRat3Rw3DfZRf8wb0qSEicbQ7e7cpaGKX:R/1cy6G5/8SJ1SwbvSJEX

Score
8/10

Malware Config

Signatures

  • Blocks application from running via registry modification 1 IoCs

    Adds application to list of disallowed applications.

  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 20 IoCs
  • Runs .reg file with regedit 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d38bd25958ef03023922b69ded4c4d94_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d38bd25958ef03023922b69ded4c4d94_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4148
    • C:\Windows\SysWOW64\regedit.exe
      regedit.exe /s 1.reg
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Runs .reg file with regedit
      PID:4232
    • C:\Windows\SysWOW64\regedit.exe
      regedit.exe /s 2.reg
      2⤵
      • System Location Discovery: System Language Discovery
      • Runs .reg file with regedit
      PID:732
    • C:\Windows\SysWOW64\regedit.exe
      regedit.exe /s 3.reg
      2⤵
      • Blocks application from running via registry modification
      • System Location Discovery: System Language Discovery
      • Runs .reg file with regedit
      PID:1072

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files\Internet Explorer\1.reg

    Filesize
    2KB

    MD5
    0d0f3e9c92aaf09ce36362d68809e0bf

    SHA1
    eb42a785649408e1166951a268f0a9eca4cd2a89

    SHA256
    3c752fb18450e212e2faaeee5bb5f17eec5b8a82bb517cd248595da13743c11b

    SHA512
    d17734b1fdc75e4eadbaac8f346d12d156beb4f290593e82582a1dc0b0c720f35b0c820565577f3fe6fc518103b96972a637db914591f122603ac7abd5526f6c

  • C:\Program Files\Internet Explorer\2.reg

    Filesize
    358B

    MD5
    7df64c2f984a856c37da26eb7de9113a

    SHA1
    5ca68487e8ea27209736e588b8e3a61850c50ce0

    SHA256
    bc98f5f5592d7bd8d98df4b6cd68864b061a3c4c9f818bb4318ef64e351fef52

    SHA512
    f3153d44db726e7ef259aceb665c7aad2e1688e1f2b28ca06d072788e014581eae10ab667912c8fd34e4d7b7d1b9949446d83de729189aa57d4ab5a24b61ffb4

  • C:\Program Files\Internet Explorer\3.reg

    Filesize
    586B

    MD5
    e7472bffd558ccc71a6e923a084e9c84

    SHA1
    32329185d47a9c46fef10636ace66b001d56aee0

    SHA256
    423800bfdb6b7542b541345f04c4604216a7cbb64553d7cfd690071bf418d686

    SHA512
    2e0d807003e0f94eeb61a2fabce1eb7fcf51053b9d68875ec7e11d90b00c06052be470f62d2ba0117e122a872d176918513d5d3ab2ccb57335cbc2e394245abf