Overview

overview

7

Static

static

3

54b822db6f...18.exe

windows7-x64

7

54b822db6f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-10-2024 01:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    54b822db6f3ed4466e3d75289891c574_JaffaCakes118.exe

  • Size

    15KB

  • MD5

    54b822db6f3ed4466e3d75289891c574

  • SHA1

    0cbce7369d228d140430e3d081ac69af76b41c31

  • SHA256

    fa578cda330249b9fe8c94c4f1747f839294d810b0cda7a3c65a74bb942efb72

  • SHA512

    bacfc2dfa52a3c8075d8ae54a90bf604baa8866cdf18d46b85bbb4e359b24ad19308a23a85bbd8f9f299be47effcfc65bc10c74a91b5d6e52d13db50a42e1fa5

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYKB2+:hDXWipuE+K3/SSHgxmKE+

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54b822db6f3ed4466e3d75289891c574_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\54b822db6f3ed4466e3d75289891c574_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\Users\Admin\AppData\Local\Temp\DEMD65B.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMD65B.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Users\Admin\AppData\Local\Temp\DEM2D06.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM2D06.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3156
        • C:\Users\Admin\AppData\Local\Temp\DEM8306.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM8306.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2340
          • C:\Users\Admin\AppData\Local\Temp\DEMD8F6.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMD8F6.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2296
            • C:\Users\Admin\AppData\Local\Temp\DEM2F24.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM2F24.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4900
              • C:\Users\Admin\AppData\Local\Temp\DEM84E6.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM84E6.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:3548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM2D06.exe
    Filesize

    15KB

    MD5

    037ee90162f20c5a3614f341aa9945f7

    SHA1

    c1a15c2861cf88228965acfcef426d60ff1bf5dd

    SHA256

    25d03c575eceb6433ed51aca1335606e1642662a7998cc9c2394fb01b6eabeef

    SHA512

    de63c44a73ea8e19d4782eb0be8201b24482b9a255e0ecb820cafc61542a05d25f5c341f6180c43b85561c56763153133d79451aa3ae17555dccaf5f0d453a7b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM2F24.exe
    Filesize

    15KB

    MD5

    f60331a95b5844c6bf81824d81c30a9b

    SHA1

    5e3f654845caad31c104b890a8e1cce5fd60cca7

    SHA256

    e5dcff7c1ea42586486568468d01c34133e4f57a7c4f9abc234e406aab12d243

    SHA512

    9e3f1ceec716baf365d33a35bfeb18dd7ca60599da4fc8fee8350ae52e8adb19496ec8c0e13101a6e062793251b0f0565d8fcd8e106584288334740f1fd2506a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM8306.exe
    Filesize

    15KB

    MD5

    a80e5c592367968a36dd98133e162df7

    SHA1

    24e8673d99f017ab992a9c46770c6419e0caef1e

    SHA256

    f85c26ca62322c96f0f40cd43781fd1fd5b2abec2c04c0ee4faf74f67a46e14a

    SHA512

    4925981b4b930ae6eceacb3cde9c04a179933dbcb4d462b29e3e38a47ad67a3f9e93c963e9cf3b73d6d80051a180a2f74aa8605dc9e611adcb77bc2469963bc3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM84E6.exe
    Filesize

    15KB

    MD5

    846960ada23b886717806419865b6bd3

    SHA1

    f7ebaf7500fb7470461d93e188450e2c912d1d38

    SHA256

    96ce138c56710cfd5d66a144932832979f7134802e8d066975dd7fb1e1acbd3f

    SHA512

    fe0f0652796a62573aa6e547b7962ece8cf2988af3d3dd05afdf8636b4180f01f244c4f5d200636e7f9e6c6c507b63bb29587b8496aa50388eeb254b48551a34

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMD65B.exe
    Filesize

    15KB

    MD5

    ed4489908286f520689b88afc64569ad

    SHA1

    e50dc6edae8618e68595d85f37ebc85fa888760f

    SHA256

    1ac9737a53cbd10331642edfa6627cf521be0d79a81ef2e263b4fce7b1438b44

    SHA512

    c7d67c4a8c7634f7b82f16b42af5611f69d3e572b3aa7d38f00ffd554c04b6ae34e4579f0a28f2668cad863f5ca3b6732a3e6e9989dfa2add3cc412754a4045a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMD8F6.exe
    Filesize

    15KB

    MD5

    e351f5b5c507b8fc3318325de11ae1b8

    SHA1

    80a3a5a282b216008725b0e9223c19bc528fe2c4

    SHA256

    262a7416cb597dd2fdb7da5988017aac4ece118d7830aacf3cf177caaaf1a337

    SHA512

    780b3b26c2477ad036f0a369c13cc0852ff7a29d2126b18f523dd546a55e4e7b0e035b0c389f02d2268c0aa7c3a3d57e4331b2c49b346ff0b23ed26d81a194c6

    Download Submit