Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/10/2024, 20:53

General

  • Target

    07623fe7340fbb2704f4f55336822f79_JaffaCakes118.exe

  • Size

    161KB

  • MD5

    07623fe7340fbb2704f4f55336822f79

  • SHA1

    01b960da2c35928709efa7a497543d5f16790a6d

  • SHA256

    b713948915d759b0ce47a3e1d8e0cf0ddf7e5ca46d5f9f7484f560c18acbf002

  • SHA512

    5f6b2d637f945cf207f7213c3048251068fa8e4b94c5b64810681ff28e1d6ea484527f85aa0315d4d79b3465dac735edea1f700aefac0fbba8f393ff60b8c8f8

  • SSDEEP

    3072:ZCRTpeZ67bFEmPfQ+EdF6uRMVhj3WHUyxe47Eme47EPT:m0A7bGmXpEd0uiVA0Ge83e80T

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07623fe7340fbb2704f4f55336822f79_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\07623fe7340fbb2704f4f55336822f79_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\GLF9946.tmp.JS
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4456

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GLC94DD.tmp
    Filesize: 167KB
    MD5: d24f18d5dd381b8ea82d89ad4420c297
    SHA1: 9f3d2d847ea89ea5d84939af84489545b4e2937c
    SHA256: 2e1e80d71ce207354850a9d77620a36dec69a0b0dca362840bdf4b95792d2971
    SHA512: 89971ccd391622243d556dc677942a55147a55028a8ebc4edf23ed28f9e65cbb88f753376dc85b15431cfb699f69ea7ae57f466c15a6e25d2c79fe641e866698

  • C:\Users\Admin\AppData\Local\Temp\GLF9946.tmp.JS
    Filesize: 246B
    MD5: 1360f2535b5d0386dd17f595554c65c3
    SHA1: 5ada089c1365fe599696db1793cf23ad6a224be3
    SHA256: b3fbe4a99780334b2010dc9eb1d77f0b47ae993a8a3fe21cd0df9715a9eebe60
    SHA512: ed11b6bae3dae219155515be1b11be1626751e3448b7c29f3d4cc0e9ff3969d85a8c690a8aaa22b20c8b2950d7b7539b454137b34ed063f5df9641b3da6062b0