Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-10-2024 01:46

General

  • Target

    75b7e4f3b01e4cd62a83ed1aca10e497_JaffaCakes118.exe

  • Size

    503KB

  • MD5

    75b7e4f3b01e4cd62a83ed1aca10e497

  • SHA1

    6647e17778fec92a27d34caa7e8f0015ac602a98

  • SHA256

    c60d84e06944cfe3219b64107d04608960a4fc2cf6abe4763f13bb1fa46903d7

  • SHA512

    97b5304f058265ede2679ce80dec3fd9224a18a4a32aaf822d3a48d26d361f0cfbdf9e9c1997d65c419e834e5c1aa3a3c8e61fae45106f30df0e8ee3c5fd1ffa

  • SSDEEP

    12288:5HGC8w0ueY7YZzU4LAsLrYpKCEgplake5NhitJE95bf:wC8wfzqUsLrYppEaYv5b8WHbf

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75b7e4f3b01e4cd62a83ed1aca10e497_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\75b7e4f3b01e4cd62a83ed1aca10e497_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3532
    • C:\Users\Admin\AppData\Local\Temp\1.exe
      "C:\Users\Admin\AppData\Local\Temp\1.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4424
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 548
        3⤵
        • Program crash
        PID:4532
    • C:\Users\Admin\AppData\Local\Temp\FreeCryptor.exe
      "C:\Users\Admin\AppData\Local\Temp\FreeCryptor.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1960
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4424 -ip 4424
    1⤵
    PID:4188

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\1.exe

      Filesize

      659KB

      MD5

      4fd74e6219c0325aa77c1f9a2b93ea21

      SHA1

      34275051b24702f4eaff5fbc9bdd1d63ea115113

      SHA256

      efdc3759d6b3acfa8d016a4d3c48ef683f38ddad4900ade0e00f8555f77ec145

      SHA512

      8f3f82f77da3fc1e9b925c635bdbbf17e9e850d4e37bf92e1126c99480b70759f08ea490ca1b66cae029dd6f7affe4e33ceac5ac761658653a24a25135c887ba

    • C:\Users\Admin\AppData\Local\Temp\FreeCryptor.exe

      Filesize

      29KB

      MD5

      e11341b03bdb5c57d2eb2d5c58682e18

      SHA1

      4abe9584d36840808cac0a1726003af505acd63b

      SHA256

      39256fb67d025860790025b7576925df76a4ef1c4f8ea59015ccb8499623c0da

      SHA512

      4c08da90eeee01d3b14fe31b433fdd231fc158c8f6a0aff056055da2748b3525a36360dbffedef369261cce5db31e556d06c2e5f7f8659c7009fcc10dc67dd15

    • memory/4424-16-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

    • memory/4424-22-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB