Overview

overview

7

Static

static

1

3eac9437e5...18.exe

windows7-x64

7

3eac9437e5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2024, 07:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3eac9437e572b1e3dc5df999e54ef3fd_JaffaCakes118.exe

  • Size

    3.9MB

  • MD5

    3eac9437e572b1e3dc5df999e54ef3fd

  • SHA1

    7abf7c1d4ceaf21d0b0c50f2796e7acb0687f593

  • SHA256

    6455e443e28011c0ba8221863f343d1cfc1b23b37f0fca85035b71404c7d0130

  • SHA512

    38222591854db9015bb8096de2aeb87a7e9efac358c918e1b0ec852682dfca92c2a579345b5730d0380e97a36f0bd75f892aba17852912fb24660204968cbea3

  • SSDEEP

    49152:C9+hWYyRPe+K3l5Tkug1rqmWlwzrULVE0SM3Qpkexre62b8pXVdPjN1oAOGh:COauNLnFkt19

Score
7/10
discoveryupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 3 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 20 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3eac9437e572b1e3dc5df999e54ef3fd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3eac9437e572b1e3dc5df999e54ef3fd_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4808
    • C:\Users\Admin\AppData\Local\temp\b685Installer.exe
      "C:\Users\Admin\AppData\Local\temp\b685Installer.exe" /KEYWORD=b685 "/PATHFILES=C:\Users\Admin\AppData\Local\temp\"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2236

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\b685Installer.exe
          Filesize

          2.5MB

          MD5

          8fe13fe5ea1de7b9cfee7063b73ae332

          SHA1

          d8c873835115995d3e46a157e79c09095357c961

          SHA256

          51bc795df58cc459d7b7ea2ac99a54d092a7828d8e2d6096104ba90f4ad755b6

          SHA512

          3986d1d9165802301b13da05a0f07cd5d30f182019db84bbf1a8905e7ec01edf43325d5a65b11d25d2211d79bf7b5ca83ab84ed313506bad174c6d619995c8f5

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsqBB71.tmp\ButtonEvent.dll
          Filesize

          4KB

          MD5

          55788069d3fa4e1daf80f3339fa86fe2

          SHA1

          d64e05c1879a92d5a8f9ff2fd2f1a53e1a53ae96

          SHA256

          d6e429a063adf637f4d19d4e2eb094d9ff27382b21a1f6dccf9284afb5ff8c7f

          SHA512

          d3b1eec76e571b657df444c59c48cad73a58d1a10ff463ce9f3acd07acce17d589c3396ad5bdb94da585da08d422d863ffe1de11f64298329455f6d8ee320616

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsqBB71.tmp\IpConfig.dll
          Filesize

          114KB

          MD5

          a3ed6f7ea493b9644125d494fbf9a1e6

          SHA1

          ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

          SHA256

          ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

          SHA512

          7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsqBB71.tmp\System.dll
          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsqBB71.tmp\nsArray.dll
          Filesize

          6KB

          MD5

          f8462e9d1d7fd39789afca89ab6d6046

          SHA1

          7e9a518e15b7490245d2bef11a73f209c8d8d59b

          SHA256

          48941e9f5c92a33f1e60a7a844d562dd77ce736fd31b5503c980b49679dfe85e

          SHA512

          57dee2253abd7d17d53811d5e95237f9434288518fb043645524a517786db2d8a91df86a6da732c620f12ad0e7ea30a923b8d5f3de386c65bd3ff240bc0dff69

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsqBB71.tmp\nsURL.dll
          Filesize

          109KB

          MD5

          ee1c41db6834538ee4048ccfc45055be

          SHA1

          efbbfc884a3193fadf542b0bef387cffc86923b7

          SHA256

          8904eb2c575ac5509d1a19f7c14b6ab804e88c22e3c2232d45de4198cf9850aa

          SHA512

          312c60a27ee625c9454cb8403c575bd2f9562fd1288ae84ad648018b62e455bf89928acb2508e75be8e76cd19ac1127e873b1187d06fa265ca2e624e02382ffb

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsqBB71.tmp\tkDecript.dll
          Filesize

          222KB

          MD5

          ea79ad436f5e54ee5dc2aba13fe1b15a

          SHA1

          66e248962bfb1f370796dac393621367638c21b1

          SHA256

          0ae09d65f5284409e6d9a2d40d7aaa8cbf1dd1815e67a9c12a9557f5de1f7832

          SHA512

          dbd40403126c6ef6f5747c900809140c8897376f03696247cd8d10431bec7abb0c7191761e8ea551cfde2234059ec087ffbca54510ddf0dc78b8329f598fab2e

          Download Submit

        • C:\Users\Admin\AppData\Local\temp\b685installer.ini
          Filesize

          505B

          MD5

          3186d155e855c2e2936ee589a0674ff0

          SHA1

          2c1db65bb961343f3324278c70235bebd9846fb3

          SHA256

          30803d858164db3edddbf14b36391db545707aa69296e214d3fd24dc93afc9ea

          SHA512

          520de0a50c82571e8a5d7de1b152d7974eb9cd02e95b8fc869de1c1990d364f37337e7484317af2ec5d3ec7b7caf6a448fe18f0d5079249b6ecd8905e291a6ed

          Download Submit

        • memory/2236-192-0x0000000073D20000-0x0000000073D2A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2236-170-0x0000000073D20000-0x0000000073D2A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2236-186-0x0000000003960000-0x0000000003986000-memory.dmp

          Filesize

          152KB

          Download

        • memory/4808-193-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-205-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-195-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-197-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-199-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-201-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-203-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-191-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-207-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-209-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-211-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-213-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-215-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download

        • memory/4808-217-0x0000000000BA0000-0x0000000000C13000-memory.dmp

          Filesize

          460KB

          Download