Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-09-2024 19:51

General

  • Target

    ee4fca28a27f5de69567bf80b35e8fae_JaffaCakes118.exe

  • Size

    364KB

  • MD5

    ee4fca28a27f5de69567bf80b35e8fae

  • SHA1

    25f8c90f06f87bed84b5a4de6e4d8980fce8065f

  • SHA256

    ff2e1b3d6470cd05398c84d623bf1d36d504ed556735539e0aadbe868bdb9705

  • SHA512

    0c45fc5546e2efb209b84b04fa97d2db05086c1e18163f7ff8ba5cbba549d3b2ad4e7f4c8fbb0f22c699643f487ecc4a0d47718d84bfd09bd69fe5f15b6bbfce

  • SSDEEP

    3072:v1GAiXP9yJuGEnvBjHplTOoX56B4uE7U4iy+LwldhzNkYMvMZqvRWs6toRG9DOsS:+9guPnvBDxYJxwphkYMvMZ9DO

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee4fca28a27f5de69567bf80b35e8fae_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ee4fca28a27f5de69567bf80b35e8fae_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1416
    • C:\Users\Admin\veaxo.exe
      "C:\Users\Admin\veaxo.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3452

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\veaxo.exe

    Filesize

    364KB

    MD5

    88a490a62ec18b8fe6b4b0ec3dd8c00b

    SHA1

    0094ffe57c61a1c2110c244cab26e11c45066082

    SHA256

    a296b1137da3db819965dc2b02821ebaa8d91015af6c9c9099175ba9d8f27e42

    SHA512

    c19ce18955503aa218e22f2f9501c1a3bcdfd232b8a3e7fe30097bc266e1c49db17943cf374445f1f166abaa049fa12e73d94ff4f1d89c988cdd4529209936f8