Overview

overview

7

Static

static

3

02bb32a3ef...18.exe

windows7-x64

7

02bb32a3ef...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-09-2024 18:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02bb32a3ef2d5e334abc45565c74d807_JaffaCakes118.exe

  • Size

    180KB

  • MD5

    02bb32a3ef2d5e334abc45565c74d807

  • SHA1

    b7df9fa67a3d0323a2c45c1350984f919f4cd816

  • SHA256

    3dacf8a3174f62ce405997871ae64b4df5649b1355a41ad44d357013951aaeb4

  • SHA512

    f68ec1a01b0923376c30251139d2a85d26988acfd3b5486d2ef0fe978ccf5c94a3fd4a8b97c32dbe6fb6009866e03b05bb58c415b9d1e8e2de97897e639ecd79

  • SSDEEP

    3072:LW/VYzBv1Vh1HHoGFffUMd94EVMgE0FbAQoIW4qObmdSP:C/VYdIMd94EdE0ZhDLUs

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02bb32a3ef2d5e334abc45565c74d807_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\02bb32a3ef2d5e334abc45565c74d807_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Windows\Nkajaa.exe
      C:\Windows\Nkajaa.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:3216
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4356,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:8
    1⤵
      PID:19372

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Nkajaa.exe
      Filesize

      180KB

      MD5

      02bb32a3ef2d5e334abc45565c74d807

      SHA1

      b7df9fa67a3d0323a2c45c1350984f919f4cd816

      SHA256

      3dacf8a3174f62ce405997871ae64b4df5649b1355a41ad44d357013951aaeb4

      SHA512

      f68ec1a01b0923376c30251139d2a85d26988acfd3b5486d2ef0fe978ccf5c94a3fd4a8b97c32dbe6fb6009866e03b05bb58c415b9d1e8e2de97897e639ecd79

      Download Submit

    • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
      Filesize

      390B

      MD5

      8a42331d6cf35b332af8138bfdb1fc50

      SHA1

      9c05bc54e1574efcd654c092915057d8315758cf

      SHA256

      6d7be1af3cf7cd80bb60b89de781a7ad163e1ff192ff85dc10074dd2934ac6d2

      SHA512

      fcd879c98f0e9dc77220af9ceb34b5617641524ee737000b85fbedd130b5e2f8b25e095f6e1277ee426bbe423956dc8eb86ada922742af5db476edccd25aaafa

      Download Submit

    • memory/3004-80400-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3004-1-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3004-80407-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3004-0-0x0000000000520000-0x0000000000531000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3216-9-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3216-80401-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3216-8-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3216-80409-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3216-80410-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3216-80412-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3216-80413-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3216-80414-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3216-80415-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3216-80416-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3216-80417-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3216-80418-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3216-80419-0x0000000000400000-0x0000000000445000-memory.dmp

      Filesize

      276KB

      Download