Overview

overview

7

Static

static

3

39a73e5c92...18.exe

windows7-x64

7

39a73e5c92...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2024 11:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    39a73e5c92e8e3a33b985120127caac4_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    39a73e5c92e8e3a33b985120127caac4

  • SHA1

    dd24a320d014191b63489652b2d2c7217dabbc36

  • SHA256

    cb5906eef6ea91e3fb09e901974d062799dabf02ec7f15eeff28cf7569e5031f

  • SHA512

    892e1bc0c13ef0764a7ae334ff85eb00e2c767b88ac42c1b28297b009813e50c89e950128528a543cdc5530cc66ac6d6f8c89c23377fbe38d52b0af17d9e4d33

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhIF5O:hDXWipuE+K3/SSHgxyF5O

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39a73e5c92e8e3a33b985120127caac4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\39a73e5c92e8e3a33b985120127caac4_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:452
    • C:\Users\Admin\AppData\Local\Temp\DEMA70D.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMA70D.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:532
      • C:\Users\Admin\AppData\Local\Temp\DEMFDC9.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMFDC9.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1244
        • C:\Users\Admin\AppData\Local\Temp\DEM5445.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM5445.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1380
          • C:\Users\Admin\AppData\Local\Temp\DEMAA93.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMAA93.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4228
            • C:\Users\Admin\AppData\Local\Temp\DEM12F.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM12F.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:3108
              • C:\Users\Admin\AppData\Local\Temp\DEM573E.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM573E.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:2288

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM12F.exe
    Filesize

    14KB

    MD5

    428ed4857438ce56877ec8aac3e550c5

    SHA1

    26d4a3dfb51e0148e9c6163336547008896b0f41

    SHA256

    cea9a99e96eb97f086c2ad9098834413cd72c75e51df53a6051e4dff9a040c59

    SHA512

    5e79b19f1f4c9fff0a1658d1a137bbe957d9f17d8a28286ce1861c0f143b34616af76178ce8e48661f6aa4947d39072f9a6d56b3bbf0bb83f93818d48ac52d6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM5445.exe
    Filesize

    14KB

    MD5

    b37edb651bd30ccf099eabc22ce15b53

    SHA1

    a32b9baa47bd0566986da28aadd17a1232d234c8

    SHA256

    fd42a5c41b94a025cbe6b60d68daa4162c1b09675b5e110856da27e948d5dfff

    SHA512

    3b234423585c2ea5712b821d82ad1bbdc31905308915d7b18d7e0e952cc204a8c41bbc97ed760c559e98706efcc7ccde360dad83524333ecd366f9b3ea135246

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM573E.exe
    Filesize

    14KB

    MD5

    4dde7cb440fca0ffa37605274f36d7c8

    SHA1

    623f1d5ee3dbb4f14ec6637c8273258b1627335b

    SHA256

    8179e3106fab1c3da39c9afb5e187e39d1e72fae2a0d3864faffd53454de39d7

    SHA512

    5e961615a0b8636e93a497a830da1e88556598a6a057be5fc5328ef41d81ffe56d6c4bd9a7d8a3545f2bb11b6f0e4751b19fcb55d880ddc234d6486148233677

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMA70D.exe
    Filesize

    14KB

    MD5

    f76043b0cebb185e5245733fb9682079

    SHA1

    11fa617deadb706b78e968814e18e72c3c439478

    SHA256

    6e8ad233ec273c3738f67742670c64c5ba56c8ffd12650b1eb9bcb267010d6e5

    SHA512

    f29fe5346f5d035760090473c6120aa179754950851743397196623e3148ddad24563625aae702cc85e311b143668e19c5796a4b3668934f0b7e45bb61f467ba

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMAA93.exe
    Filesize

    14KB

    MD5

    66f64b00f7f7a7b3605f59b668413f15

    SHA1

    5c583344921dee71b129e05b50ad124c481bf0bf

    SHA256

    00066d63437c8ea45bed4e34bd9d0c298effeb86b2e6bd921156a8a98a052031

    SHA512

    65efc6632b063263d9dedd1c235a88974b153b58da634e7a2aec25228cb52c2387cc8b2fb5633c571be10909ffcd48905f013f2c6766f5ee8a27f7a432362569

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMFDC9.exe
    Filesize

    14KB

    MD5

    57f662a2bc38124cb72f5b2b923314cd

    SHA1

    e177032d6acb74d18c25c24d7d24024a95b6c3b3

    SHA256

    3085d93ae0eacba436fced108a21e3c4985c1991a0f15e28b9dbf7333521d95a

    SHA512

    bc72e174a5305dafa9db21939e94a1ea83237bed0337d2c7f3fa05eeb0bb2cd3960dd8642149923f18badf55b1914cbfbfbce0e650ed49c28c8fdffb42f7c468

    Download Submit