Overview

overview

7

Static

static

3

d5a0938b08...18.exe

windows7-x64

7

d5a0938b08...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    95s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/09/2024, 04:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5a0938b080c3396a5be6ce767af8a0a_JaffaCakes118.exe

  • Size

    67KB

  • MD5

    d5a0938b080c3396a5be6ce767af8a0a

  • SHA1

    9fad4a13f1cbf18c51525acc5eebb86045581303

  • SHA256

    a6d08aa1cd49671a2cd2b31b34521c7d8a236a76b5d03f1f104baf16fea97d55

  • SHA512

    2094643963a55c2b37deb3c09e31a4e68bdccee4bf1331dcf4203fc3e9410f7769fc41344b8d35d39c948fed282efe44e29cc4be96699065124042a87307bf8a

  • SSDEEP

    1536:4qVlFrJ1OObCcx5vDsc63QuPRelAOTqa0:46PrJXbNjh63eAc0

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5a0938b080c3396a5be6ce767af8a0a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d5a0938b080c3396a5be6ce767af8a0a_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4020
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Hhj..bat" > nul 2> nul
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Hhj..bat
    Filesize

    238B

    MD5

    6576073ab342e979e7f2c446dca8ebf2

    SHA1

    0f5d01fe1bfdf081ced0b1aa572c7911c8535060

    SHA256

    cae28faf936d18229cf30b11fdef6ae2ef8ab9597334607b6289c85f1264c0d8

    SHA512

    22e2d5e2f1b9d95d8ccc7992c6000feb5c7a6718b5f67090ec564cfaa16fd550c3e908ea96b47b4732de9fc87b45f930b0583aaae9d0dc868d30074c406830c8

    Download Submit

  • memory/4020-0-0x0000000000690000-0x00000000006A2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4020-1-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4020-3-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4020-2-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4020-5-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download