a02f80805f2a774396b6bf8828c2f63a054fdd286d1632fa05b967b0080ee826

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 06:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f76d926b752aa7e89953811b4db76e36_JaffaCakes118.exe
Size

79KB
MD5

f76d926b752aa7e89953811b4db76e36
SHA1

5db4ecb13e10641cb4a8a8637a8e7bfddb0397c6
SHA256

a02f80805f2a774396b6bf8828c2f63a054fdd286d1632fa05b967b0080ee826
SHA512

41fb64ff3d10ffbdd86a1d43ee8d95b7a0b4773dd04fc62fabb56dcf587519ea38e1134434fa93699dd3b86b1922edf171b336ca138fb501d9228da058b0f5b4
SSDEEP

1536:iKoYJ/VnGgXqkwk885iXMmX5zGpY8A24xk6p:1oyVGZD8IMm6J4xk

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	f76d926b752aa7e89953811b4db76e36_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	f76d926b752aa7e89953811b4db76e36_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 3296	5104	f76d926b752aa7e89953811b4db76e36_JaffaCakes118.exe	90
PID 5104 wrote to memory of 3296	5104	f76d926b752aa7e89953811b4db76e36_JaffaCakes118.exe	90
PID 5104 wrote to memory of 3296	5104	f76d926b752aa7e89953811b4db76e36_JaffaCakes118.exe	90

C:\Users\Admin\AppData\Local\Temp\f76d926b752aa7e89953811b4db76e36_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f76d926b752aa7e89953811b4db76e36_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Xwj..bat" > nul 2> nul
  2⤵
  PID:3296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Xwj..bat

Filesize
238B

MD5
178cd338385a23fda70df122c57f0b82

SHA1
20f1cb8fb1c5be261e945f8023893798f617dd57

SHA256
fe32d2c16c37f55bcc60275272f094c70001afecc88c6f1b914b3518e137f2f5

SHA512
ff417710f29bf39432aa742c40a3798f10e537b0e1d7a9b4ecdf74b53ed2117cfb1e2c7ce33e6f2ecf89b26d9d7d27d25e663f7788741ba9f92f888c13980a32

Download Submit
memory/5104-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/5104-1-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/5104-2-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/5104-3-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/5104-5-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads