Analysis

  • max time kernel
    135s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    27-09-2024 09:00

General

  • Target

    fa1bdc030c258f6d6e6657ea7f914d16_JaffaCakes118.exe

  • Size

    76KB

  • MD5

    fa1bdc030c258f6d6e6657ea7f914d16

  • SHA1

    bcee543a250b9d30f529e8d31027567ea9c5c4dc

  • SHA256

    812cdf448b1b350717d7ec069438a9b92ed4bea17ee60abaf5735d394654ce75

  • SHA512

    52f78b21a63772f416031746d6cc049b30ecd3ee1bc758f2d9154d23e33d92b15ac96df6454b9d52a4fdce2647de23d0d79c30f9c091645ae9f895d39eae6216

  • SSDEEP

    1536:EYoq800NInw6Jxy5nA3OOyyZMuuWw/xHJZliFsZ1RB5pT:EY7+oyVtBxpZliFQRB5pT

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa1bdc030c258f6d6e6657ea7f914d16_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fa1bdc030c258f6d6e6657ea7f914d16_JaffaCakes118.exe"
    1⤵
    • Checks BIOS information in registry
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    PID:4992

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\ISTsvc\istsvc.exe

    Filesize

    508B

    MD5

    8b203ba61d5ffaf4a2f0c9c9df0a4794

    SHA1

    5a2499f81dda1a8d18bc4dd73437f3dc59b23cf8

    SHA256

    f4eb92e98706d25bca3bae97e5176f19ddded9d5b2e1319ba7b6f37ad32f201f

    SHA512

    1dbe50a343227cda6a1f965c8f66fa2e06b64262ee4a24866ccfef64bab36979cb08e6ff1638ed390beaf73515faee202ad8ed94817384152e7886da382b0473

  • C:\Users\Admin\AppData\Local\Temp\mpnvi.exe

    Filesize

    516B

    MD5

    d12cffa750166bf7ab72188b1df9ddee

    SHA1

    a59753cc2f9ea2d10bcc1b2a0239d0b451c175e3

    SHA256

    fd06524b7adf778cfc1be033b2691dfd209d4680709c53aa9645256bf005ea03

    SHA512

    f6913e560aced6ad37941e135df3cac7a9f83d988540cc5a95650cc2fa2bf3803c979756d9bb88766434192df335c639bbd1ffcf9622030f6a893f4c5e519beb

  • C:\Users\Admin\AppData\Local\Temp\sidefind.exe

    Filesize

    41KB

    MD5

    c82fc98dbf07cb3bad2a01fb90cc9246

    SHA1

    75d14eace4f04611ed19eeecd2c66729591dc741

    SHA256

    3dea47faf1377f449104e7adbd2e5682e9a73367ffa94a823b7cb88289003d5a

    SHA512

    b65385a0efbd036df24dfe77ee2c61500ae18adec238ebf78a03a7c78e4fa113961ddf5147478f976e650234b157ec0a4edca95106cefaa04ca0b812e41adf9c