Overview

overview

10

Static

static

3

1709e7af5a...18.exe

windows7-x64

7

1709e7af5a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05-10-2024 09:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1709e7af5a45280e565fa95f331404b0_JaffaCakes118.exe

  • Size

    1.7MB

  • MD5

    1709e7af5a45280e565fa95f331404b0

  • SHA1

    e30a3c9ba1a0feb4050ff28dec9b8f066972ae5e

  • SHA256

    df77f23a93811be258c168169a6245c3a7c8ee7d37801b985c9e745e88f2c5fd

  • SHA512

    65b4a2f0df5f776d9f9e5fb55585395deb20101a370e49e2e16764d6d9ee83756e440b894696fd58daf27119324b9a7c7279e18ca4023373dc41ef6a0eaf0296

  • SSDEEP

    24576:/ReoHLlYd7vb63wWgombBhfJgey3U5DY/ohuQW/t3jt/g3FsK06G:QohY1vqU1bBhfm0O1v/g3Fn/G

Score
7/10
discovery

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1709e7af5a45280e565fa95f331404b0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1709e7af5a45280e565fa95f331404b0_JaffaCakes118.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\PCGWIN32.LI4
    Filesize

    528B

    MD5

    2fdc7ebb58ef8895b7ed3891a880a9aa

    SHA1

    27afc960e494eba45ec2508eef1e8ba93ffdce3f

    SHA256

    020c09e189530ecb5e3ef2a9deb8e576ac11c43c5ecfc9c3fac0da5b11ced3c1

    SHA512

    620eded33334301392876968693c8ad40db9f745d8ce02d9a891e21239c2252121d71ad3baa656a14cf9238fc53c2bceee0f0cb514e35111c6add86d73dae62b

    Download Submit

  • memory/2408-9-0x0000000000230000-0x0000000000245000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2408-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2408-14-0x0000000000230000-0x0000000000245000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2408-13-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2408-11-0x0000000000260000-0x0000000000270000-memory.dmp

    Filesize

    64KB

    Download