Overview

overview

7

Static

static

1

ead2372ac5...18.exe

windows7-x64

7

ead2372ac5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    95s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2024 07:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ead2372ac5779d6737eb9fa6a766067a_JaffaCakes118.exe

  • Size

    555KB

  • MD5

    ead2372ac5779d6737eb9fa6a766067a

  • SHA1

    6c604141cb6b03b9cad66b74078a9fbdf52b0aa5

  • SHA256

    906a687ef5b9e577b1c35792cb5fc02d258f4508cf386be83ce26efd15648539

  • SHA512

    d08b57aa43e0df06c0cc756584ad4dc6781d0c143c1faf4e89865a2d6629a96e7f98b17263668bb48f8530cdcc4848fafbf1be8bfb7c4d6a1d7e865174277af0

  • SSDEEP

    12288:n5Ooq9fQ+qrcKHdy/pbAMTQDa8YYsv0ldgO:nIz9eAKkRbTTQW86vigO

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ead2372ac5779d6737eb9fa6a766067a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ead2372ac5779d6737eb9fa6a766067a_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\Users\Admin\AppData\Local\Temp\SetA77B.tmp
      "C:\Users\Admin\AppData\Local\Temp\SetA77B.tmp"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Users\Admin\AppData\Local\Temp\PartyPoker.it_Installer\SmartInstaller.exe
        "C:\Users\Admin\AppData\Local\Temp\PartyPoker.it_Installer\SmartInstaller.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:220

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\PartyPoker.it_Installer\Background.bmp
    Filesize

    10KB

    MD5

    4a3f1052237bd361f8f608ee944db1ed

    SHA1

    e2b14766ce9b4efc252596a27a0ac50779d830b4

    SHA256

    30d63f9a677c65bfbb99f6de7f9127cd0bff16c4b4032e281410b926380b90ab

    SHA512

    ae2107761c89bc944b308197caff1add0851b0eea54b78eb5ba0780daaf3561c562f12b885dcb9d4e6bcff5b7d82b0a936a7ee65f6b797061dabc2a76434cc0e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyPoker.it_Installer\ConfigParams.ini
    Filesize

    1KB

    MD5

    3f73662367e12e4a0c083e57ea7295d2

    SHA1

    086256aec26fdbc77bdcf1fe33b1743c0700d9dc

    SHA256

    cf511ff6c8103ac4863a6807c990ca636fb8d9ae94496e0bb4180cb764acdcb8

    SHA512

    1ea899e739e632f0ed04540afedb7037e4ee7620bf915e8dfd2d7d2a492d41cc73a6fb67ff9af781419b31dbf6e57232972903a26c568430096dec92ea17a645

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyPoker.it_Installer\Language.ini
    Filesize

    7KB

    MD5

    d05a3df7fef0a46af46e39c74dd33fd1

    SHA1

    78c74d19e9dda8ac75d418fcda3ebd1e0f10c898

    SHA256

    c095fe5753c76fdf3ec8d9750861c963fcb0eefacca87de8b2786a0960de341e

    SHA512

    c808d2ec184d6d32205e1e6164aee18024de5fb3d6cbad70cd56cf96d4674fb3c21f46e6628940cbf12c2bd2d7d3410ebba6656e1497711bed4997f470baf311

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyPoker.it_Installer\Preloader.jpg
    Filesize

    99KB

    MD5

    edf6a7dda2d8f879a042ef0fd0095368

    SHA1

    feb08049acfeedf5dfd3db257c948a0213ba3e84

    SHA256

    480ed2b18683d03228b8e5193c9efb9f4476fe529eddfd07596c66c289734865

    SHA512

    c4eae6f47a98414eff74bf7af2cf76feba950ec5619253c2e629550bb8b9fa2e179d5948cfdb6932bdf4a86246b0364df55c124a9e0ee81b9dcd2e86090e2552

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyPoker.it_Installer\SmartInstaller.exe
    Filesize

    645KB

    MD5

    3911ad8b535e9dc396ee19d68b056c9b

    SHA1

    c429c8290d824d52d9228c5249ba3f21103750d7

    SHA256

    5c3f19400a73a9fe33f9cedfd2a88d4678312c757f440cf0fd532240fc80ffa7

    SHA512

    36406eb539ecbf9c684e44728b3315c3e6a4074ddab15d79aeb8b1349e036dc54767dd1ddca9af22356c06fa70bdb4046af9e9aba1bf6fc510039fd0bbbb681c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PartyPoker.it_Installer\zlib.dll
    Filesize

    52KB

    MD5

    4965107d112666d3835308a831a29274

    SHA1

    50439b99ce525ecb74c554e1dc43ddb39481dfa4

    SHA256

    105280995cd5746078d67b8651dfe4ad2abcd532d7ad528d3100c535b0b538af

    SHA512

    38fa8f0eeadd75bf212eaab458833cfd3445d00f3d77f1f8a86b7c3ba99376231c8b3fc3cfdff6f02f2ca9c90956c76f9055717712d35a7ca7b30172a0010b59

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\SetA77B.tmp
    Filesize

    521KB

    MD5

    37979f6da3c6b86244c16c7eac16cfa3

    SHA1

    a4f20516c89093ffbdd097aa613b30fe9902c572

    SHA256

    c84445e1bedccd19afa08eb3c6165a74ffa25f7da9ff7a9a4e6b7107b8ac7e60

    SHA512

    e67d795106ba4c4300b41a3c4a5686e602139ce8190ef1719a8fd39e5cbcdf12a9437ab023694843690d355d09288d117527e57fec61d8d09c9f95aef228212c

    Download Submit

  • memory/220-28-0x0000000000A50000-0x0000000000A77000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2604-34-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download