Analysis

  • max time kernel
    149s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/09/2024, 08:33

General

  • Target

    ed365f9ce575d165acf32578898f8bae_JaffaCakes118.exe

  • Size

    228KB

  • MD5

    ed365f9ce575d165acf32578898f8bae

  • SHA1

    7eb672055ec59827ef5173e37741ce6133a1bf1a

  • SHA256

    bea39053fa2a3936601b9277d8226eb3a98618a87f84f7c666ce1aecf3df8b8d

  • SHA512

    66ee326c3de6cbc0d225c968b592f9fd63d6e380a9db230cf36f3aae53e76d33394719a1f3d25e156947c978c6720bfff9f4cf226601159c0a58a3bb7afd49e5

  • SSDEEP

    6144:wKXG3dwqsNy5ibpNjlDEqxF6snji81RUinKNCO9:FXkdQxlC

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed365f9ce575d165acf32578898f8bae_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ed365f9ce575d165acf32578898f8bae_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:712
    • C:\Users\Admin\habec.exe
      "C:\Users\Admin\habec.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1040

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\habec.exe

    Filesize

    228KB

    MD5

    4aa3ddbc888ce1a3a8daaadd9a329934

    SHA1

    1026e1de15fc745d07ac52e12f6b89fd6ee4009d

    SHA256

    64bb009b2552dcd4822e99304878803e460d1fee7c2259f94f7223a0513a41a6

    SHA512

    c1b0058d932081bea734c47aaf58c3ba7935bf19d9547ab5daa0021fd1ea56a1a37ff4ac66c589dac4edd1940e4a7bf6b5c0c5c8e03cc71a3d14b14745f27bc0