Overview

overview

3

Static

static

3

f7243ca350...18.exe

windows7-x64

3

f7243ca350...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240910-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/09/2024, 00:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f7243ca350010d1157bfd5be158f635c_JaffaCakes118.exe

  • Size

    40KB

  • MD5

    f7243ca350010d1157bfd5be158f635c

  • SHA1

    af6aad4bceccde7c79be5d819806dc02808b0551

  • SHA256

    6a25ee5d56735d3432b52c47461cc8adc6ad78c451634e356a8c51176e0bb2ed

  • SHA512

    646b07a7636c7abd6f6324ffb62aa32c15e7535dc13d9456ff83a8d544d5692d9bc03d5056a89fbc8b8779f466ab475928cbd80683e552bb2cd3534adf711a7b

  • SSDEEP

    768:QLFu1jGZPh+qrH/acGg7TnTiDws0C9liNGd/oZEsvsd2RVrMe2LFu:l1yZPh+qrH/acGiTTiDws0C9liNGd/op

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 27 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7243ca350010d1157bfd5be158f635c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f7243ca350010d1157bfd5be158f635c_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c regedit /s "C:\Users\Admin\AppData\Local\Temp\QQMain.reg"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4716
      • C:\Windows\SysWOW64\regedit.exe
        regedit /s "C:\Users\Admin\AppData\Local\Temp\QQMain.reg"
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Runs .reg file with regedit
        PID:4832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\QQMain.reg
    Filesize

    2KB

    MD5

    4b18b2c6660a6ee313a65ee597b8834e

    SHA1

    40273ed41237a80a720471533a68eeb4cb2a6b64

    SHA256

    00c24d3db533ce52a46a263c0a0efa94bccda61fc4c7d4b3fe24b5626ebb067c

    SHA512

    5966bdb470013697f7ae1df82114ee903801972bbb0a8335a03ad2baf19aaba9103e52d02827554514d1acc59c4bdf4f17831a0e0bf86315c398eac96ec84ba5

    Download Submit