Overview

overview

7

Static

static

3

JaffaCakes...a4.exe

windows7-x64

7

JaffaCakes...a4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-01-2025 06:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_f9f7c996d9d37bf4ff3a2a12ef235fa4.exe

  • Size

    14KB

  • MD5

    f9f7c996d9d37bf4ff3a2a12ef235fa4

  • SHA1

    6bde65981ad37dede323033d29bfc15cabbefac5

  • SHA256

    eac81d1cd5b67eb31b73b1835a3a0f19e5465a3371d39a361aa5d2f95e78f635

  • SHA512

    f419f5a5660f8853a9f231f2b9026ca83b3559c26faf1fc979f7766bb83b7507e5c241df6bacd81e41f7ba83574fc3cda9a0c3d12d8b3507f775906efd9487a7

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhX:hDXWipuE+K3/SSHgxx

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9f7c996d9d37bf4ff3a2a12ef235fa4.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9f7c996d9d37bf4ff3a2a12ef235fa4.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:960
    • C:\Users\Admin\AppData\Local\Temp\DEMCFA4.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMCFA4.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Users\Admin\AppData\Local\Temp\DEM26EC.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM26EC.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1672
        • C:\Users\Admin\AppData\Local\Temp\DEM7DD6.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM7DD6.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1508
          • C:\Users\Admin\AppData\Local\Temp\DEMD4EF.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMD4EF.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4968
            • C:\Users\Admin\AppData\Local\Temp\DEM2BAA.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM2BAA.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:504
              • C:\Users\Admin\AppData\Local\Temp\DEM8275.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM8275.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:4836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM26EC.exe
    Filesize

    14KB

    MD5

    adada66b26fc31536f17cc2a112b9c5d

    SHA1

    cec4c69f12a256f65e99200ee958b9216cb7fb64

    SHA256

    2833a9e26a302a8d62ec7d51d9f01c098f90c59dc58b5f4a6e29d7da4fe7ba12

    SHA512

    22cf91549a55b38fe312f8f62b52dbd52258b6f0b31ae6b2ea5bb11a2ddc4da4d2bc368393069d9b87dfb236d92d485c506568c610e9ae3e45487036a7eed07d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM2BAA.exe
    Filesize

    14KB

    MD5

    a2ed6d64b9a76b2ebb85d5b3652a71ae

    SHA1

    add1056da615017280b2eafe2a2341c4bf9dd95b

    SHA256

    bd6e95bcd7578e0d850771169e02032fabd1d0bb70460e6e12af70bd4c3e9605

    SHA512

    24ab347ab7c82851556d4d3d1d938494e6938c0c79829a47337b5d72823fc8abe9d6f8f4be0841067a80495ba8bd06af392e3ec0c0553417b80fabb14a09f5fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM7DD6.exe
    Filesize

    14KB

    MD5

    5c2dd12cd6fa704e73472de8f022d174

    SHA1

    6949deb20f0f82ccbe52ed69775ba457a2a8773d

    SHA256

    4dccf66f24aeb25591b99a1573e0deb10550eef18db5a792cd9f7156e47228f9

    SHA512

    2de3ae1a7d0628143a74faa02aa3fb6cac3bdf1bf520568ed3d080bcc22cbbaa04e33399f69833b33ea532a4a05b1140a925784be1a16b52c157927ee9f918cf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM8275.exe
    Filesize

    14KB

    MD5

    a1fe8a0a7ead23b2f8213ec7b9575998

    SHA1

    a57f937e23b23eaf6fe5fcbc89bc2ae81196ff5c

    SHA256

    1d495245e4a9dd7aea37e4ffc1fe649d67c094b5fa7ba0e266c54e52e0c76041

    SHA512

    8abbeeadcbf675be2dfd12e64756e86cb33879b48b0515ecaa7e4c20fd118666a19a8a239bc74fef7a212be42af30d70e75f8e9594eab54b5f965828a845c95b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMCFA4.exe
    Filesize

    14KB

    MD5

    7826f3688a4dbe78c0235723386806a9

    SHA1

    85d2f1eb7491624818d5978fc778934cd4e58f80

    SHA256

    7c71a75c7d61c973e98e8475a483148006e3e24d153c26455ac902426ed297cc

    SHA512

    83372617cf2cb427d3b1540f2676e84960caa995d867129af5a0aaf3b30c24682649f9e295232ded587dbdd1816517bf6ee8ae6c9bd4958da99a50997de42476

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMD4EF.exe
    Filesize

    14KB

    MD5

    18822443589382f2440a24feccae2480

    SHA1

    b8930d6e53d75f5ef59741b7026539600ff569b9

    SHA256

    592b988dc619bdec05d2ba24568eea09ef90db8ead9be21c61439f80bbaa6cbf

    SHA512

    141f4581d55886d632f4e992cce92923876765ef731492ff227e871c9db102696bda9b15148345b2cb64a16b7a70e701f16c1d38cec5fc0dd69584fcfbf2b5dc

    Download Submit