Overview

overview

7

Static

static

3

ea9924aed1...18.exe

windows7-x64

7

ea9924aed1...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 04:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea9924aed16afdb27aac285cc44d1ad5_JaffaCakes118.exe

  • Size

    144KB

  • MD5

    ea9924aed16afdb27aac285cc44d1ad5

  • SHA1

    9b6cab66782375117813c13c06cb97b72b9e876e

  • SHA256

    8a19a3437ec0cb72050391cf8878d441bc2720702b206922f305d6d7cb223a05

  • SHA512

    edf8f9d0bc8df1f06c7674f4844992b099536d51825c0f176a70f8f8278e9511aa14e29e29e26d268879b77d93e30666176e7475a07b285bc2b63f4a1640e5b7

  • SSDEEP

    1536:RVlu4cogaDGwYSjZRGseTkqOSk6xP63qcWYELN+t7u8LplsO4:j+ogUGwYSjPGseTjO+6abYELN+t68nI

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Modifies registry class 46 IoCs
  • Runs .reg file with regedit 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea9924aed16afdb27aac285cc44d1ad5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ea9924aed16afdb27aac285cc44d1ad5_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4912
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c regedit /s c:\reg.reg
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4876
      • C:\Windows\SysWOW64\regedit.exe
        regedit /s c:\reg.reg
        3⤵
        • System Location Discovery: System Language Discovery
        • Runs .reg file with regedit
        PID:2264
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.5136688.com/?t
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4520
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4520 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3824
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c regedit /s c:\reg2.reg
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3500
      • C:\Windows\SysWOW64\regedit.exe
        regedit /s c:\reg2.reg
        3⤵
        • System Location Discovery: System Language Discovery
        • Runs .reg file with regedit
        PID:3448
    • \??\c:\windows\SysWOW64\wscript.exe
      c:\windows\system32\wscript.exe C:\Users\Admin\AppData\Local\Temp\Killme.vbs
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:5088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    33bac9325241193616461afd5a0deb0c

    SHA1

    e78ed72996568bc9616f4d6b20403749252b4859

    SHA256

    cb0b78d15b774b91ab6f6ef315a14f301b85b40122a72622818753212538f5b7

    SHA512

    3054cbd1551e36a747fc4c7086d3cc484530ea13d44279b4f5f92d462d91d7e3322bb240edeedd517751c00949a6264b50322464e446290726fde18ac4eb2e2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    f07ec6762144a544710b0af33ab93448

    SHA1

    82d53891e8184a335ac80fc3bf376c26f6880adb

    SHA256

    39005d4e20847aed96e96e5c8d1da23ffd3b1aa23f510b85a081889ac540025c

    SHA512

    1424ac62502a1f540d8eef5d8e188c2f86fa2947a58e08ca1118e7374489529185435e31edd5b826c14bf9e56b9eac3454792e058c3fd1f5f9c218e9550c606a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE5FB.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JACP9GNT\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Killme.vbs
    Filesize

    289B

    MD5

    9334344f85a5b5b5da26caebbc05f680

    SHA1

    167d0d8d7e7c2a6950224d5f63de4193cdb9fc98

    SHA256

    727fcaccf02a12575304f73e6feef2db58e2de0683f5deca98149fcc709b70a4

    SHA512

    550da1ed9b55c25f87be3ba1d930b61a877bf2836bc07c22f30fd6630de5ee06a0e35e6810e82c7c11360329845f26af5add452d1475c101ace305e0569e0dd7

    Download Submit

  • \??\c:\reg.reg
    Filesize

    195B

    MD5

    d074af1950aed38a9507428f23df9ad2

    SHA1

    0313b03e880b283cfacf64aea25c54259d388201

    SHA256

    5f3cd51950de3b9c7f8bb8a14cf5c39f3d480270d89a7c8fabb54900c9c34ca8

    SHA512

    484029eb461a182a9b088f9912047d455749381eab696d15af719f020f4982b6a331b20f1ab5437a8f9312724770ac26791f83d20c79e0e1b1340e53d1122fbc

    Download Submit

  • \??\c:\reg2.reg
    Filesize

    450B

    MD5

    2944837920fafc0892eb196e7d774b23

    SHA1

    31269a61616a0064576e0e6a93e23722cf5a2057

    SHA256

    1c2c0c933e0023e7a24cdd4dd5bf363b00449094d3dc9ff3e7188d893e2580dc

    SHA512

    027b5677254eb8582a672cee88cd5c82dce09170fdc2fd47e9dfaacbd29b691719a5c7ecacbae1fb8c3a5d4a5243e9d3aad64be63e9c788e01f6dfd24f0e003f

    Download Submit