319f6ba764101bb7633976fe20fff7fae9b9461ba7a0d66d685f23eff405fe03

Analysis

max time kernel
134s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 06:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe
Size

1.6MB
MD5

7113bca974e34270da5aa6834a3db55d
SHA1

2dc327ae359e9d227fd63dac5eee147761757a51
SHA256

319f6ba764101bb7633976fe20fff7fae9b9461ba7a0d66d685f23eff405fe03
SHA512

6d3c4ac8f291cada7ba3c6fd09de531bd26ada7bc969e89a85c7a64c523184a27b04613cb17a19f3a30ebeba4b650c372d4c7419b7e114739b51a52875959961
SSDEEP

49152:TZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S97:TGIjR1Oh0TP

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1500	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe
1500	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1500	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe
1500	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe
1500	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2596	1500	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe	105
PID 1500 wrote to memory of 2596	1500	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe	105
PID 1500 wrote to memory of 2596	1500	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe	105

C:\Users\Admin\AppData\Local\Temp\7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\25911.bat" "C:\Users\Admin\AppData\Local\Temp\283065B68EEC4DDF842C4B2993E4A8B6\""
  2⤵
  PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4152,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=1748 /prefetch:8
1⤵
PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\25911.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\283065B68EEC4DDF842C4B2993E4A8B6\283065B68EEC4DDF842C4B2993E4A8B6_LogFile.txt

Filesize
2KB

MD5
0f69d6498f22e7b74888396b29d970f5

SHA1
b14ee219dc5aa36fcdb7b65e8173f616976a59fb

SHA256
45d7596ec100e4081c11e5a71e56b2d21a13e5460adeba933727235f0c98aeca

SHA512
5c8a02d41589f715ae091e767725fb10d94241ad213cdcf4114e8c163a1c31638d263de0f895cb29d8053a95305df430170498da17b10c192a41312f55cd090f

Download Submit
C:\Users\Admin\AppData\Local\Temp\283065B68EEC4DDF842C4B2993E4A8B6\283065B68EEC4DDF842C4B2993E4A8B6_LogFile.txt

Filesize
2KB

MD5
1967b5bde891ba5c10efbffff91db0a7

SHA1
39a44bccbf92c7f781d25ec454fc1a7eee6a8adb

SHA256
935657a9da69c6cf36f7b4e28bc79aea01a8ab28ec654a0f6ff50c3b818cf3e2

SHA512
0f6070016e236d658cc07731164070584f2b2db212806c7ba603ba12323ef4bc815bad912ddcf15deca94d7ceb859e2d476100e37e56a6dfda1e720456fbadee

Download Submit
C:\Users\Admin\AppData\Local\Temp\283065B68EEC4DDF842C4B2993E4A8B6\283065B68EEC4DDF842C4B2993E4A8B6_LogFile.txt

Filesize
10KB

MD5
b5bf7a885239530227f3b25828a95a1e

SHA1
402fd3a569fcac8244e4cc58daeba2af9c753eaa

SHA256
ec086274012b3eefe1996da1dbfaf0ab977eae44756aabbd882c1a2eff4d2d3e

SHA512
796493e95b5c1d67a1701737e08e520a5650759825cca321825d4377ca56fd6b9a543fd75a0288cc6b742b45d1c6a1a7eb9ff6bb4493693704d6e1894550a867

Download Submit
C:\Users\Admin\AppData\Local\Temp\283065B68EEC4DDF842C4B2993E4A8B6\283065~1.TXT

Filesize
106KB

MD5
c65825e3121c70106bb226df13d46e06

SHA1
e17188b8d4fa7914a04098457f10d07240b75dfe

SHA256
6abf66e19b159a4394649561326b3321125eba9f6ec20bde319f6c8e7d98d878

SHA512
9dbf02a9e2c3661b5a9ba5bc84d96d548659ca9091e2798d46f4ff53303c6706ff708b4dadd4c65a9ad03e3c6e7cdd0c9b09a19e8e7aea6e74228bad06dd2b51

Download Submit
memory/1500-63-0x0000000003870000-0x0000000003871000-memory.dmp

Filesize
4KB

Download
memory/1500-186-0x0000000003870000-0x0000000003871000-memory.dmp

Filesize
4KB

Download