Overview

overview

7

Static

static

3

020a66f7c7...18.exe

windows7-x64

7

020a66f7c7...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2024, 15:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    020a66f7c7ca9542d434b5e38874fb0d_JaffaCakes118.exe

  • Size

    13KB

  • MD5

    020a66f7c7ca9542d434b5e38874fb0d

  • SHA1

    d1e8b96e90f5cc0553517d839b7143e5b6292ebf

  • SHA256

    7cdc7c3b1150d794ad0c84fb14757b8662aa522f8896abbd910f9f0d27a305fe

  • SHA512

    8c409161640655ff9b278290a7f4627054a061d003618e6352d7fd22978adb2114e69240bc8dcaaed10de99689810675597b81bb65cfce0ce0a6bcb4ecd51e64

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yh0:hDXWipuE+K3/SSHgx2

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\020a66f7c7ca9542d434b5e38874fb0d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\020a66f7c7ca9542d434b5e38874fb0d_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1468
    • C:\Users\Admin\AppData\Local\Temp\DEMB45C.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMB45C.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4940
      • C:\Users\Admin\AppData\Local\Temp\DEMB26.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMB26.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2480
        • C:\Users\Admin\AppData\Local\Temp\DEM6107.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM6107.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2156
          • C:\Users\Admin\AppData\Local\Temp\DEMB716.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMB716.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1272
            • C:\Users\Admin\AppData\Local\Temp\DEMD35.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMD35.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4956
              • C:\Users\Admin\AppData\Local\Temp\DEM6392.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM6392.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:4620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM6107.exe
    Filesize

    14KB

    MD5

    3882cd4d472e00e9ed218107d43ba4e7

    SHA1

    52fedad6cd4183588f10f22b3aaf6df5b18f8379

    SHA256

    7753c7d1236136bf1f376799fe467c4be3c145f66a7b93fd48550fb1c1d48c51

    SHA512

    8b5903dd4d97c47f382e09272aa8bc3c02287291ce8c8385adcd37bf7481b24f581fbbd9addff55ca67321c36fb0dc7a02763ce3c7adf8837d740fa14dbf5515

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM6392.exe
    Filesize

    14KB

    MD5

    e46d9c6cd0716efa351e4b18b7bcc3b5

    SHA1

    8ff7f92d59a2d84dda427aef0fe923cadc487b77

    SHA256

    9f1a1e6905137aad709a76d9dfa312415a8c16edfe4555de3416e55511aa32bd

    SHA512

    9ac45d346796541308d7b2015698c4ae1df2275e68657107939e99b0714e54ce76f4ae54c64dab2e10b863294eeedd80d015705c2bb895ee9fd39a3aaeade3dd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB26.exe
    Filesize

    14KB

    MD5

    dc83a981d766970bbd5c6b6117911009

    SHA1

    c4ffecd96d19bd1ca365a856de943c539c4f38f8

    SHA256

    c7d4805a80c481a27e4ef0a6ca9c7153b66ee1a8d9b2054b58e85bb1f97acfbc

    SHA512

    738189fedef7280450e5f754d9edeb505c8f8f46a136fc65a44ea7686042f163de5c01d2dc5cf4e8b61693b64c96e37873513632e261634871c6bf1c3159b949

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB45C.exe
    Filesize

    13KB

    MD5

    43d7c2a8bf42128ca35be7865974cd98

    SHA1

    0f568884cc8b98c9076283abd3eb122f4905cdec

    SHA256

    7e275171d7bced07d387492daeb2e054d014692a235e3063f1daab1e61155f79

    SHA512

    19a9034629303c809b39949a0ef8934bf7079d14e0a42f64798cc4c47439aeede4e670cdcbf854d0acd8c0e8346b2663602be4b317c1649b83d9368ddb264ae5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB716.exe
    Filesize

    14KB

    MD5

    b4a5a711a9924b04b49d70031bcfd231

    SHA1

    d29c7b370e110e872d1c5894b7869ae88be87e1b

    SHA256

    e93cb25d8e047bc6a9f62f77498aea1ad9c34df750320cf9a9a1a884b0c41dae

    SHA512

    ca920d75e99dfce33f38c8e1de98bb1bfaa9d8d769be878cd1eb9d838beb3be34cd1e1f1433f09f0c2b8a76064bed089b762eb29322e0e4d354feb6c7b3b2c23

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMD35.exe
    Filesize

    14KB

    MD5

    1fb782494e0c471a8d70d6a935f16495

    SHA1

    6e40b7d624f1a4626310299c43a4e8949383f017

    SHA256

    cd4f16c2f692984ee273c9a677fc813c7bd2854da4b4d094d3051dd55f2bcf9c

    SHA512

    cb7789ffb2a74c2366b9763764e2d673e2bce71a68e65095d2b07253612f922bad5366b229e53c73fd080b8cd9dc2833441bd9006a4355ccd2e2997d63f37ae9

    Download Submit