Overview

overview

3

Static

static

3

db9418a76a...18.exe

windows7-x64

3

db9418a76a...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-09-2024 01:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db9418a76a2abe061147509567c1b1f2_JaffaCakes118.exe

  • Size

    197KB

  • MD5

    db9418a76a2abe061147509567c1b1f2

  • SHA1

    694bc1c41625adc7ecf8648fc980089b33da924a

  • SHA256

    436151a1b0aacd07d9ffef8f5d6f21b7c5a64150522c1502196808210c6e937a

  • SHA512

    4c5dcc368dbfd33c2d2cf7c7651c2da9d2e7e57b6444159fc867a13870567cbeeae2816fb18dbff16f4cd0c5358b79dff14a57a854a4923aa5a596f9e285fb44

  • SSDEEP

    1536:4BejSRINGraIWvKS3MKJ3xULa/5rilh+Y4lJX7ZUf3mesXERgMBSNK/CSSZ/Sppy:RGIQ9SKUZ3xXxrilh+YUJxMcsr6SBHKl

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db9418a76a2abe061147509567c1b1f2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\db9418a76a2abe061147509567c1b1f2_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3868
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\a64147.bat "C:\Users\Admin\AppData\Local\Temp\db9418a76a2abe061147509567c1b1f2_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5008
      • C:\Windows\SysWOW64\ipconfig.exe
        ipconfig /all
        3⤵
        • System Location Discovery: System Language Discovery
        • Gathers network information
        PID:912
      • C:\Windows\SysWOW64\findstr.exe
        findstr "IP" ip1.txt
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3716
      • C:\Windows\SysWOW64\ipconfig.exe
        ipconfig /all
        3⤵
        • System Location Discovery: System Language Discovery
        • Gathers network information
        PID:1036
      • C:\Windows\SysWOW64\findstr.exe
        findstr "IP" ip2.txt
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4708
      • C:\Windows\SysWOW64\fc.exe
        fc 1.txt 2.txt
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3288

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1.txt
    Filesize

    225B

    MD5

    88e7f8e463b3016292236e164822a0d6

    SHA1

    c58d0ca324d562a5a4231d499d9a73a3c7d8282b

    SHA256

    50762f8d0dd8ca4d4ea1c97e15b2da7e73ac01d80c10b67390ecfe54f464fabc

    SHA512

    0ad453f035c6bdf1399957bbba17751f701a93494cf5e73098cc4ec6160892b8b7620a1578d2ac4d6fa41c022627f3625b2f811f5a7ba9b28f3560f225975a15

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a64147.bat
    Filesize

    940B

    MD5

    b0c1a5568c7f23172e67f5c0e481d716

    SHA1

    797a50e6c60455d712acb8d724abbc44b16a928d

    SHA256

    7215ed557507c1c5fd5e1c44bafe79749ee3ffe69558093809d1097df8a74699

    SHA512

    20908163f40d1f951d495131122701f1f0eb207cc6229c679715a372394bbcecd986f5b08f2e0d6b77f40db6c950da6aef6fa54260e91583e7781eca06b3c2c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ip1.txt
    Filesize

    1022B

    MD5

    5c8a4f3b47ea9e1f18042fac3826e039

    SHA1

    ec3688d40292c6a9c7823944210ce9de40ce6520

    SHA256

    ccafc3b325a1dba44be16458098df0c4da3b55130ef0f61621b487000a6be849

    SHA512

    1944efe4d271e2cb6b8c82b953e2d9bbe86685b24f3e7f99a392232f3f98b791b964583adb62f6f1f6867c2d7fcd530a74362f75ccfec22586110e4af076108f

    Download Submit

  • memory/3868-13-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download