Overview

overview

5

Static

static

1

f541e70cfc...18.exe

windows7-x64

3

f541e70cfc...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/09/2024, 05:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f541e70cfcb1df9b4244e22a33bf6912_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    f541e70cfcb1df9b4244e22a33bf6912

  • SHA1

    d45437318442b4a3cac9e0a8852f0e8bc9685d6f

  • SHA256

    fe08efa5fa5fc153fa2db58eb79c78d4cbfda68e431f7efcfb0629bd15e8fee4

  • SHA512

    07536fb06415ed229d2a3505816ad9e43b8146eee10ff1874e93634fbe1585e42252f737158970444c1f8b82bf3faf812658f37b9f54240e6bf49b9da128dc7c

  • SSDEEP

    49152:fZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S9C:fGIjR1Oh0Tu

Score
5/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f541e70cfcb1df9b4244e22a33bf6912_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f541e70cfcb1df9b4244e22a33bf6912_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3160
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\10547.bat" "C:\Users\Admin\AppData\Local\Temp\58D7C891D65145CA808F9A524CD654EC\""
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1692

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\10547.bat
          Filesize

          212B

          MD5

          668767f1e0c7ff2b3960447e259e9f00

          SHA1

          32d8abf834cce72f5e845175a0af2513b00504d8

          SHA256

          cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

          SHA512

          c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\58D7C891D65145CA808F9A524CD654EC\58D7C891D65145CA808F9A524CD654EC_LogFile.txt
          Filesize

          10KB

          MD5

          5452408e72eff3c3ffc4191f03eba273

          SHA1

          e06a841941007a3b4867f5a563ab8d87385b72d7

          SHA256

          e8d696c072950d0960192a6d34fe1765b6c4ddb6a1bdd60b5976803da65aa811

          SHA512

          0b6bb51b853324bcb33184ac7ed47dd2122f3faf2bceb91e8c9468140e0a1f6cbba4d0d21a5cabb6489aadb8ca5aed07c60100db63a7453245fea1a1351d84c8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\58D7C891D65145CA808F9A524CD654EC\58D7C891D65145CA808F9A524CD654EC_LogFile.txt
          Filesize

          1KB

          MD5

          747073b3937753b0ee05d454a6145da2

          SHA1

          79739ffcd91eda5617db8fdbca07e16fb2926d1c

          SHA256

          18e9e894b9ef061634dc473e408143aa4f7303bbca26a08acccd5008a2f7d7b4

          SHA512

          5ff650de7fa8068e2a809fa80743312c9bc292e86bbada03ec5ea336bd88f636ffcf2b05ad89e7cedd54a2b56124eb7273d0b9280893e176c51f67284677bf1e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\58D7C891D65145CA808F9A524CD654EC\58D7C8~1.TXT
          Filesize

          120KB

          MD5

          0095d03290c679484f654e46258c50d3

          SHA1

          b254d6dd095801e88b93ab6e8b5a0978565029f6

          SHA256

          cf71f3b947fa99f198509230d6479f57f6724f2546456302e4a2ad9aec864ed3

          SHA512

          c587d5476cff8b45961cebe104fe94bcf306732ff3c03390fc335cca99c003a3056015daa0e029a5cd5eca2c8dd9510057c2137ae4a75456416e772115a18787

          Download Submit

        • memory/3160-63-0x00000000039C0000-0x00000000039C1000-memory.dmp

          Filesize

          4KB

          Download