Overview

overview

7

Static

static

3

10a53986ab...18.exe

windows7-x64

7

10a53986ab...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2024, 21:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10a53986abe4219167be5645d9570ce9_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    10a53986abe4219167be5645d9570ce9

  • SHA1

    f03ce9277c137afa965d99d183948b7b1d510def

  • SHA256

    adacfbbc6327e0bd2b3fbff76df0c14889c626841a5523f6046892c683a2d5fb

  • SHA512

    52ac30033585bb9415015035e3b8ff4409195e2d85d5ea7dd9eaee2827815fa967a9bb4f1d430e04f120d0a570956a4d3065d6f72c073d88dd4ecf997353aa4b

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yhh:hDXWipuE+K3/SSHgxT

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10a53986abe4219167be5645d9570ce9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\10a53986abe4219167be5645d9570ce9_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3944
    • C:\Users\Admin\AppData\Local\Temp\DEM15B6.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM15B6.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3284
      • C:\Users\Admin\AppData\Local\Temp\DEM6C13.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM6C13.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:5044
        • C:\Users\Admin\AppData\Local\Temp\DEMC1F3.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMC1F3.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1736
          • C:\Users\Admin\AppData\Local\Temp\DEM1822.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM1822.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3952
            • C:\Users\Admin\AppData\Local\Temp\DEM6E12.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM6E12.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1076
              • C:\Users\Admin\AppData\Local\Temp\DEMC450.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMC450.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:3320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM15B6.exe
    Filesize

    14KB

    MD5

    16d68ce1e6467a4dfdbaa672594fc2e4

    SHA1

    c66057cb4e9c2a7f7892678493f63c22d87275b1

    SHA256

    09c518815e8d4fe70032f29787519928626e7a9a64d8976fec01cc2fd16ffeef

    SHA512

    9db64fd8ed2219685feb8b169e8b864755cb03885787080839b4098593816e51d4bf440762e5593c7e7d41ff37e0aa215ed9b1f351bde26c74eebd6847a594f7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM1822.exe
    Filesize

    14KB

    MD5

    db48ab7120dc4a5b0899bf6a7374f712

    SHA1

    cc667a3ca108708303cec42ab888c49f59237c70

    SHA256

    66cb67eaed36318b2b018319f632631122116fbf418e06bd19944d6a7190c4dc

    SHA512

    031210612fe806ef08483c777d550599026a35e8323c78e84dc2ba54c8c91adcde4b2a75a2b964bae4ccb5057e883aa137ee946ce59cab48a6d1ff5da2f715ae

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM6C13.exe
    Filesize

    14KB

    MD5

    fa119b715ea0ae9a15645212330651d1

    SHA1

    133042e6dbe5ee9ab59d69b5002be7f430b2b59e

    SHA256

    73cb806784f295f9b28b1c4b0a9b218e07eeb98cdfc107cca213cbbfcb69ccad

    SHA512

    8b69b4445991659e17937caef8ec8bd9bde21eaedb17821004d354dbd5d98b3d9451ab0beb1363a55503cf1ee9cfc072642fab90bd5d11b50d2ee075be288dcc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM6E12.exe
    Filesize

    14KB

    MD5

    3d6b139655179eb81c4ad6658a785933

    SHA1

    561fe407982620f4a54d27981527105a1753875b

    SHA256

    ba9f98f6ccac66e53f1c84a3fea171a406ef925f46b75fbb981836552ec2c27a

    SHA512

    c13167524ff9a3c1042715b7cb67278283495d41b86560d6f029b27d98ec1191aeee8d19b7e206822093b3d65821e52138d1a39f57bf87bd228b70af213bd699

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMC1F3.exe
    Filesize

    14KB

    MD5

    3be45c1d994fd1bc203109138e4bf243

    SHA1

    1c7fe32c06119d509f419590f88b10ff5d013951

    SHA256

    704564941d3b4e3082fc68b1746b80d667f14ff2c2fb96d317816665bfab22ad

    SHA512

    4e6592bd34f392173cf8765a9db410bc504ef9559d0ee6492bb6cea6d14a410df043bf00734591e2a0365b5dca48019a0413d5a361537c07ae85f2f6ef4b3df5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMC450.exe
    Filesize

    14KB

    MD5

    a0bf3ca1c893c8317d229908d26b1fa9

    SHA1

    53dba4aa206031284e5208340b4242a51aa351f4

    SHA256

    31ec394b2120f599efd18b93aa4686023d4e5ba681573596c014012459126ac2

    SHA512

    6b674561d2aeb1ebcb404c406c6dd9277bebd50610ec725406ea546afc065f4ab604f16caef37b4e41c35c3080d7ea0591555db82ae26c8076111bc015f0cf52

    Download Submit