Overview

overview

7

Static

static

3

548f6abbaa...18.exe

windows7-x64

7

548f6abbaa...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-10-2024 00:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    548f6abbaa1258cd35aac4ba588c2487_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    548f6abbaa1258cd35aac4ba588c2487

  • SHA1

    cff3bd002e38e7265adf3b8e872e092b3147bd50

  • SHA256

    aa34cdf87b9db56b727daa5c26c9fadf1002de12be6e9249dc096d87d872c4d0

  • SHA512

    365809b01e029c26e2446dee18f47b29ef6bf1099fb99e4a6c86021575764aad331777e79bac9fac4cdbd03db9cb08560cb83e388846e380d603246698401e18

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYu0+:hDXWipuE+K3/SSHgxmZ+

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\548f6abbaa1258cd35aac4ba588c2487_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\548f6abbaa1258cd35aac4ba588c2487_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3988
    • C:\Users\Admin\AppData\Local\Temp\DEM614A.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM614A.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1104
      • C:\Users\Admin\AppData\Local\Temp\DEMB7D6.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMB7D6.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3088
        • C:\Users\Admin\AppData\Local\Temp\DEMDF5.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMDF5.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1652
          • C:\Users\Admin\AppData\Local\Temp\DEM6397.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM6397.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:5016
            • C:\Users\Admin\AppData\Local\Temp\DEMB9E5.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMB9E5.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:2080
              • C:\Users\Admin\AppData\Local\Temp\DEM1061.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM1061.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:8

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM1061.exe
    Filesize

    14KB

    MD5

    ba19ba1fed20d6fa5d1c1965e6f502e6

    SHA1

    add1b16979c7db48c3732e9e23eebfae0016f0f4

    SHA256

    5c33e6db03abf3b2efad2542b958d839dd800dfdb672d7d781aaaa409be66f87

    SHA512

    23b12d7ee2e991fc4ba0df6b52546e1517fffb2a34217c80f0166c522751f0be12bd49002db25190a4c6a9ed9ff27e5068f2b5cd50ada91a60383fa2265e20df

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM614A.exe
    Filesize

    14KB

    MD5

    31fb758e82479231421bc9815f4213a3

    SHA1

    8f6c33f7e3901d62b5e6a377aaa0545bd0368a91

    SHA256

    b92f98aea4dee0c3a87cb19da1732ae059882b16a2760e9182cf92c71da679cc

    SHA512

    510a19fc1468eebdcbd31f02348087015cc488cb0859121c6acfcf0145137dfd6367427c3496e0f82a3f4c00b1d7fa1f2da02736c129f385266676b7dd59eaa3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM6397.exe
    Filesize

    14KB

    MD5

    f68572ef07b69cd3b59eab0af04860a2

    SHA1

    bdf42d6b43c8bcaaf97da8f8aa7a64b02fd2eaef

    SHA256

    8829cee491233243ece46c94c72147405b01c7f0f3d5a6526e1c9dca62e2f76b

    SHA512

    33465ca6f804606e8961af8c2f8eccc5936c024726c5c52c1959f76442562887a6a65ae7fb2ebbe4b3a224affc7ae05c5f671d2719c0de5ca5860cf7fcb07d04

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB7D6.exe
    Filesize

    14KB

    MD5

    e81d37176d727c5970b9e8340550a710

    SHA1

    3c9f8d3b8099db0a894cd4135a37194912733d96

    SHA256

    5c85e001aa37168ddbda15163c6564e55c999a7d13c2c4e523a64edb62f15ea7

    SHA512

    cc92cff5e0a9e71491b7643f47328e77ba5c8dc330d59fc8d5644a37134095486738eb42167ca68b7ec7ebe54a180406852f19c8b03f1f6167914b8bfaf41f37

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB9E5.exe
    Filesize

    14KB

    MD5

    10ebb785d295005d476d0ef383f3713c

    SHA1

    f2d42714bd2f338cf6418c768587921726cad9f6

    SHA256

    af4b4753286149204f5260aba1ad2b3534518c7f9db0be9113de3dc0ea737a76

    SHA512

    726bf84629ebe4c544a123c4f93dd81e8e7b132e9733a172d046431921fb2022da3727fc92028088e68cca68ee753c2afa5f5376aee058f229f0391ac64679d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMDF5.exe
    Filesize

    14KB

    MD5

    38990ba941cd9a0769e4873e2168aa8b

    SHA1

    a4cdca8e814911436c05f9de0c6abbdda8a9af94

    SHA256

    79e288027dc7168261153528c634f61875a1e20033601157c33943ddcfecf446

    SHA512

    e955aa84aee46826e871001f974e770ecb96d605d6515874a4ef0781f823d942469212ee6b43528f1e5ab7add87ff701fb34a628a794c41e938b1e0416ff98fa

    Download Submit