Analysis

  • max time kernel
    149s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 02:46

General

  • Target

    15dba174d35163dfd0a70feacca77a87_JaffaCakes118.exe

  • Size

    240KB

  • MD5

    15dba174d35163dfd0a70feacca77a87

  • SHA1

    5b5ded262a2e3def951c61e88495bfd4f48fceca

  • SHA256

    a57b89d1d3b5c8e7d8bb77c98a47273cec108958a6b43c7b30e750da2125a195

  • SHA512

    c18d13df6b481b560d2d4d683b7ab57231ca71e70136912c7d74bb9cb887dcd455741480004adc166a79465cd18d927af908c964c72d0207d23a6e50329c16e5

  • SSDEEP

    6144:CUw3dwqsNwemAB0EqxF6snji81RUinKchhyZS3T/:0dQQJsAD/

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15dba174d35163dfd0a70feacca77a87_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15dba174d35163dfd0a70feacca77a87_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4724
    • C:\Users\Admin\waoliax.exe
      "C:\Users\Admin\waoliax.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2788

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\waoliax.exe

          Filesize

          240KB

          MD5

          1854388deccc3102ef583382db21f6fe

          SHA1

          3ccaf9c2937e141fb6ba0b2f51d5e2418724eb46

          SHA256

          fbfab716e45cef041e11fdb6bb1a90d5e319d67827a47820d0bf9601cf38e226

          SHA512

          85641d3bf35eadb8f608944359ceee7fedf23bdb9af49877c61e4457efa7a2b49f834951f7e62dcb6f3efc933fd9b0ed2fc9741a26bc6df2007afb645ed42601