Overview

overview

7

Static

static

3

1122a1fde4...18.exe

windows7-x64

7

1122a1fde4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2024, 00:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1122a1fde4027b896cf2a1af48ae919d_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    1122a1fde4027b896cf2a1af48ae919d

  • SHA1

    0d650612e87f8caaacb3373775f3387c44f9d5a4

  • SHA256

    0196f43cfa9b355996005ff864ae05ed763c8e8cc465becd2b636892cb259c94

  • SHA512

    1ce65c76ce8c45770bd4540f787492750f84cc600a39e1c0dac032f54d666a3834d8ebe03b014e1495859e7d45bc53906856151bd3b746f34e627b6ad28c3aae

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYlE:hDXWipuE+K3/SSHgxmlE

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1122a1fde4027b896cf2a1af48ae919d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1122a1fde4027b896cf2a1af48ae919d_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4332
    • C:\Users\Admin\AppData\Local\Temp\DEMBA76.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMBA76.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Users\Admin\AppData\Local\Temp\DEM117F.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM117F.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:5044
        • C:\Users\Admin\AppData\Local\Temp\DEM679E.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM679E.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4880
          • C:\Users\Admin\AppData\Local\Temp\DEMBDFC.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMBDFC.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3300
            • C:\Users\Admin\AppData\Local\Temp\DEM140B.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM140B.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4400
              • C:\Users\Admin\AppData\Local\Temp\DEM6A97.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM6A97.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:2976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM117F.exe
    Filesize

    14KB

    MD5

    84a5ab11bef64e101ce688b7f097500f

    SHA1

    655520370771c52e0ce909dfa35e383249527bee

    SHA256

    deebfa5b43ad621ba7a9bef1ab33ee45c206f5a03961d60b3e989cd7ded7a80f

    SHA512

    7b3e0fe1560d3e851c81849c66cd25a99e074905fe59fd57666ccf38f05f4f2cd70f722917e06dbfbece70e92fe391e01defc6dafdd90890a67904def2d835ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM140B.exe
    Filesize

    14KB

    MD5

    fe055e66ffdd1623b59df4abeec7d39f

    SHA1

    c7b1dcffcc206d281a4312da353f8e57d1275fec

    SHA256

    f0259edbccc05af0c638d5f3123ed065b26ba0995983da3e7fee0f7f147b5778

    SHA512

    7ca6f1986c26c712f2fc8bb1af60f28e6c0d1465233bc69cab6c92b3d76cec725eda0e48d6e202f5f7a54a7c442e3b1fb5a28dc45bbc61857cf4a84395106426

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM679E.exe
    Filesize

    14KB

    MD5

    b51566647de09ccf8a48523ddb98150a

    SHA1

    e6c5ded3854c3e47d2333de26ab207cff7f1c058

    SHA256

    31f04987cf89cec677bdc1bc72429ceeedd001711735660b00c5ba26bbc0540d

    SHA512

    22ef9dd4dc7f85433850594b6cbcd2ba4f5e5a11ae5bed49ba63a73599b085839224a4e5d00da8f56070a4bededf55b7e5dc53faa59cde955ee651bae84aacd3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM6A97.exe
    Filesize

    14KB

    MD5

    fb62a288604de910b7c6d375d0e85f93

    SHA1

    9a0cc4aaec963dd6ed1200afa70de3b4d6cc6fa1

    SHA256

    3959c8528dba2fb7f5faf7251b91012d901c76e9c702b617d9545d5c9137295c

    SHA512

    a20c45c500d30245a61242cd03ae66662b86840e0923d80cee1dff3bb894cdcaa88b381ae3b8a45fa1ba5ba19d0284a51ccca59d5e26f558a4ce91690d2132b7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMBA76.exe
    Filesize

    14KB

    MD5

    a9d3feda8f7c4189eb3f18a1ed1f6388

    SHA1

    caf64c0f0ea78cdc667f20b0a3118f91b8be57f4

    SHA256

    38cf94f619acd94449a2446dc1d4cceebd53beb8652f8b9eaa300ffbc6b18ae8

    SHA512

    9f0727b90f17125883ea72ae114c0f1242a4d876133aa3ed753ba69b76e38dbbaa871a55839b4351c4562fd7c32fc35444cef6292b951a5a9e8b558313c0c98b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMBDFC.exe
    Filesize

    14KB

    MD5

    056eba16fb0ebd309b2704446bebb05e

    SHA1

    ce0cdfdf3b43bf3d3dff760c0867206e9eb7a858

    SHA256

    88bc153f24a975f4f962e8f1a640cdcede24054337da972a1a1bd59926a654ab

    SHA512

    50e5f0b7ff76cb7673f949a0a994669b0fc8c6faedd16ca4b326503a3e0d8b3799bc3e3995cf57efa69a2d5c56cc238a6f8298e6bf75b28fea38e55cb4d4d491

    Download Submit