Analysis

  • max time kernel
    149s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    05-10-2024 03:17

General

  • Target

    15f360936dd689195a964bb9897bbd37_JaffaCakes118.exe

  • Size

    332KB

  • MD5

    15f360936dd689195a964bb9897bbd37

  • SHA1

    323bdc5efd861bcb287e7ac134ce79e859913e96

  • SHA256

    a2f9e6400ffeee9d013dcd406a4c72e9185846cf5cd61434264cddd386a17737

  • SHA512

    00ead08567a19cb3764c198151933c8608dcb3a20bd63b78941c699d6a4b2facb74a211908e5a57846e6e4bf55c42bdf5a36f32b295cec021f6aae6b50dbbe35

  • SSDEEP

    3072:ejf1i2Dwhe6YIRnbXtcU7lyzKqc+kFuuf1op2aEaDFHT+7pvPxvNfjuk3G/:bx5Jjoufxla8x1Tw

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15f360936dd689195a964bb9897bbd37_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15f360936dd689195a964bb9897bbd37_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4328
    • C:\Users\Admin\coekiez.exe
      "C:\Users\Admin\coekiez.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3752
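The signatures and process tree above, turned into detection logic as an added example (this is not part of the sandbox report or its tooling): the four behaviours that leave host telemetry are written as rules and run over constructed Sysmon-style events that replay the chain 4328 → 3752. Sysmon event IDs 1 (process create), 11 (file create) and 13 (registry value set) and the field names Image, ParentProcessId, TargetObject, Details and Hashes are real Sysmon conventions; the SID, the Run value name "coekiez", the Explorer "Hidden" value data and the benign control entry are assumptions made for the example. The hashes are the SHA256 values the report lists for the sample and the dropped file. Registry reads such as the Geo/Nation lookup are not logged by Sysmon, so that signature is deliberately not modelled here.

```python
"""Rules for: known-bad hash, Run-key persistence into a user-writable path,
Explorer hidden-file settings change, and execution of a freshly dropped EXE
by the process that wrote it. Events below are constructed, not sandbox output."""
from dataclasses import dataclass

# SHA256 values copied from the report: submitted sample and dropped file.
KNOWN_BAD_SHA256 = {
    "a2f9e6400ffeee9d013dcd406a4c72e9185846cf5cd61434264cddd386a17737":
        "15f360936dd689195a964bb9897bbd37_JaffaCakes118.exe",
    "2b051ea6528e07448f9d196a8a071130a7179ad6c85e6669678f95d4ef7785be":
        "coekiez.exe",
}
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
EXPLORER_HIDDEN_VALUES = ("\\explorer\\advanced\\hidden",
                          "\\explorer\\advanced\\showsuperhidden")
# Locations a non-admin process can write to; a Run entry pointing here is suspicious.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    detail: str


def _is_user_writable(path: str) -> bool:
    # Registry value data may be quoted or carry arguments; look at the leading path only.
    return path.strip().strip('"').lower().startswith(USER_WRITABLE_PREFIXES)


def detect(events):
    """Run all rules over an ordered event list and return findings in event order."""
    findings = []
    dropped = {}  # lowercased file path -> pid of the process that created it (EID 11)
    for ev in events:
        eid = ev["EventID"]
        if eid == 1:
            sha = ev.get("Hashes", {}).get("SHA256", "").lower()
            if sha in KNOWN_BAD_SHA256:
                findings.append(Finding("known_bad_hash", ev["ProcessId"],
                                        f"{ev['Image']} matches {KNOWN_BAD_SHA256[sha]}"))
            writer = dropped.get(ev["Image"].lower())
            # Only flag when the dropper itself launches the file it wrote.
            if writer is not None and writer == ev["ParentProcessId"]:
                findings.append(Finding("executes_dropped_exe", ev["ProcessId"],
                                        f"{ev['Image']} written by pid {writer}, then run as its child"))
        elif eid == 11:
            dropped[ev["TargetObject"].lower()] = ev["ProcessId"]
        elif eid == 13:
            target = ev["TargetObject"].lower()
            details = ev.get("Details", "")
            if any(m in target for m in RUN_KEY_MARKERS) and _is_user_writable(details):
                findings.append(Finding("run_key_persistence", ev["ProcessId"],
                                        f"{ev['TargetObject']} -> {details}"))
            if any(target.endswith(v) for v in EXPLORER_HIDDEN_VALUES):
                findings.append(Finding("explorer_hidden_files", ev["ProcessId"],
                                        f"{ev['TargetObject']} = {details}"))
    return findings


# Constructed events replaying the report's process tree (SID and value names assumed).
HKCU = "HKU\\S-1-5-21-1111-2222-3333-1001"
SAMPLE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\15f360936dd689195a964bb9897bbd37_JaffaCakes118.exe"
DROPPED = "C:\\Users\\Admin\\coekiez.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4328, "ParentProcessId": 2200, "Image": SAMPLE,
     "Hashes": {"SHA256": "a2f9e6400ffeee9d013dcd406a4c72e9185846cf5cd61434264cddd386a17737"}},
    {"EventID": 13, "ProcessId": 4328, "Image": SAMPLE,
     "TargetObject": HKCU + "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 11, "ProcessId": 4328, "Image": SAMPLE, "TargetObject": DROPPED},
    {"EventID": 13, "ProcessId": 4328, "Image": SAMPLE,
     "TargetObject": HKCU + "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\coekiez",
     "Details": DROPPED},
    {"EventID": 1, "ProcessId": 3752, "ParentProcessId": 4328, "Image": DROPPED,
     "Hashes": {"SHA256": "2b051ea6528e07448f9d196a8a071130a7179ad6c85e6669678f95d4ef7785be"}},
    # Benign control (constructed): a Run entry pointing at Program Files is not flagged.
    {"EventID": 13, "ProcessId": 900, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": HKCU + "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorUpdater",
     "Details": "\"C:\\Program Files\\Vendor\\updater.exe\" /silent"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.rule}] pid {f.pid}: {f.detail}")
```

The dropped-EXE rule keys on parent pid rather than on file name alone, so a legitimate installer writing and launching its own payload still matches; tune that by whitelisting signed parents if the rule is too noisy in your environment. The Run-key rule's user-writable prefix list is the main false-positive lever: some legitimate software does auto-start from %APPDATA%, so pair it with the hash or the dropped-file rule before alerting.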

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\coekiez.exe

    Filesize

    332KB

    MD5

    a60157135de7c70d21ec3b11ac3128a8

    SHA1

    c597bda647bac8f3a76c2435e657d59c6400d7b8

    SHA256

    2b051ea6528e07448f9d196a8a071130a7179ad6c85e6669678f95d4ef7785be

    SHA512

    1a99bcaa5ce4d518cb8c41c16dea1f314efda4a4f1c8751372e332b583dc0f179b1419d9dd293f5833334360968f4b41c621fcebfbc01b039621f7e98475e499

  • memory/3752-33-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

  • memory/3752-38-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

  • memory/4328-0-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

  • memory/4328-37-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB