Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/09/2024, 07:49

General

  • Target

    ed231a6753c07a002b10283efd0e6b63_JaffaCakes118.exe

  • Size

    156KB

  • MD5

    ed231a6753c07a002b10283efd0e6b63

  • SHA1

    b5f636d18bd80a0873e2da345fa5ea8e74c7cb18

  • SHA256

    c3962e199ecd8b4c350e1ca3fe52045b7e3d42596aae0165259a96ccb0ff364b

  • SHA512

    8b0ed166cd2209ac89d1632687009a06684c3c58b8b42366fd792bc7dd0dc144dd263bc3788bde67a3927a0bbe883fd2b4a10b4fff162f8c6b86a08f11aa39cd

  • SSDEEP

    3072:Ru/j0/TZwR0V44ZeNeGVuLH/gefYMmsyvrdmo6aKqpaZ4oQZiEPcA:MeKRakVu7/lfYfhBmTvWZ

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed231a6753c07a002b10283efd0e6b63_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ed231a6753c07a002b10283efd0e6b63_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3564
    • C:\Users\Admin\swpoij.exe
      "C:\Users\Admin\swpoij.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4428
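
The process tree and signatures above describe three behaviours a blue team can hunt for on the endpoint: a Run key pointing at a binary in a user-writable location, tampering with Explorer's hidden/system-file settings, and a dropped executable being launched by the process that wrote it. The following is an added example, not part of the sandbox output, showing that detection logic run over a constructed stream of Sysmon-style events. Field names (EventID, Image, ProcessId, ParentProcessId, TargetObject, Details, TargetFilename) follow Sysmon's schema; the paths and PIDs mirror the process tree above, but the event records, the Run value name "swpoij", the SID and the benign installer event are constructed for this example.

```python
"""Detection logic for the behaviours flagged in the report (added example).

Runs over constructed Sysmon-style events (EventID 1 = ProcessCreate,
11 = FileCreate, 13 = RegistryValueSet).  Registry reads such as the
Geo\\Nation lookup are not logged by Sysmon, so that signature is not
covered here.
"""

import re
from typing import Dict, Iterable, List

# Registry locations behind the report's "Adds Run key" and "Modifies
# visibility of hidden/system files in Explorer" signatures.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
EXPLORER_ADVANCED = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
HIDDEN_FILE_VALUES = {"Hidden", "ShowSuperHidden"}

# Sysmon records the current-user hive as HKU\<SID>\...; normalise it to HKCU.
_SID_RE = re.compile(r"^HKU\\S-1-5-21-[\d-]+\\", re.IGNORECASE)


def normalise(path: str) -> str:
    """Rewrite HKU\\<SID>\\... to HKCU\\... so one rule form matches any user."""
    return _SID_RE.sub(r"HKCU\\", path)


def is_user_writable(image: str) -> bool:
    """Anything under C:\\Users\\ is writable by the user who dropped it."""
    return image.lower().startswith("c:\\users\\")


def detect(events: Iterable[Dict]) -> List[str]:
    """Return one finding string per suspicious event, in stream order."""
    findings: List[str] = []
    dropped: Dict[str, int] = {}  # lower-cased dropped path -> PID that wrote it

    for e in events:
        eid = e["EventID"]
        if eid == 11:
            dropped[e["TargetFilename"].lower()] = e["ProcessId"]

        elif eid == 1:
            # "Executes dropped EXE": the child image was written by its own parent.
            image = e["Image"].lower()
            if image in dropped and dropped[image] == e["ParentProcessId"]:
                findings.append(
                    f"dropped_exe_executed pid={e['ProcessId']} image={e['Image']}")

        elif eid == 13:
            key, _, value_name = normalise(e["TargetObject"]).rpartition("\\")
            if key.lower() == RUN_KEY.lower() and is_user_writable(e["Image"]):
                findings.append(
                    f"run_key_persistence pid={e['ProcessId']} value={value_name} "
                    f"data={e['Details']}")
            elif key.lower() == EXPLORER_ADVANCED.lower() and value_name in HIDDEN_FILE_VALUES:
                findings.append(
                    f"explorer_hidden_files_tampered pid={e['ProcessId']} "
                    f"value={value_name} data={e['Details']}")
    return findings


# Constructed event stream modelled on the report's process tree (SID, value
# names and the benign installer event are assumptions for this example).
_SID = r"HKU\S-1-5-21-1234567890-1234567890-1234567890-1001"
_PARENT = r"C:\Users\Admin\AppData\Local\Temp\ed231a6753c07a002b10283efd0e6b63_JaffaCakes118.exe"
_CHILD = r"C:\Users\Admin\swpoij.exe"

SAMPLE_EVENTS = [
    {"EventID": 13, "ProcessId": 3564, "Image": _PARENT,
     "TargetObject": _SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\swpoij",
     "Details": _CHILD},
    {"EventID": 13, "ProcessId": 3564, "Image": _PARENT,
     "TargetObject": _SID + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 11, "ProcessId": 3564, "Image": _PARENT, "TargetFilename": _CHILD},
    {"EventID": 1, "ProcessId": 4428, "ParentProcessId": 3564, "Image": _CHILD},
    # Benign: an installer under Program Files registering its own tray app.
    {"EventID": 13, "ProcessId": 1200, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": _SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 13, "ProcessId": 4428, "Image": _CHILD,
     "TargetObject": _SID + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",
     "Details": "DWORD (0x00000000)"},
]

if __name__ == "__main__":
    for line in detect(SAMPLE_EVENTS):
        print(line)
```

The user-writable check is what keeps the Program Files installer out of the results; in a real deployment you would extend `is_user_writable` with ProgramData and other world-writable paths, and pair the FileCreate/ProcessCreate correlation with a hash of the dropped file so it can be matched against the SHA256 values listed in this report.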

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\swpoij.exe

    Filesize

    156KB

    MD5

    a50d00e5c195633b3532a2708fa4b796

    SHA1

    caea8e283e639b7ec827009f5425489c5bb20c73

    SHA256

    fd9cbbb16c68a0e8787e99ea66cc7e198a2864ea1b54e2a8191414297eeb5158

    SHA512

    90ff84daba92a30adf38ef75b60fd22a098f6664b7eb6dfd138def6e16bbbba2b1c89214601108498d9baba08e589c709471f5f2f162d2168b74c8e92ed16a80