629f00da66c851f0ed9821d472c50b88481a454774b372360cf5dc84d9e9363d

Analysis

max time kernel
136s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f0522c79a9d65ebacc800382a4c3931_JaffaCakes118.exe
Size

191KB
MD5

7f0522c79a9d65ebacc800382a4c3931
SHA1

d4eacd2b67e73545a7df1244346752057fb6277b
SHA256

629f00da66c851f0ed9821d472c50b88481a454774b372360cf5dc84d9e9363d
SHA512

a8df3ecde2acf8d2de1a32d56b19ab1f3eea3f6f162e544dd7ebfd61e6037b50daa142101f2d4e2ce674ab37d40aa42d837bceb169f692c0b93d1b4a0ce216a1
SSDEEP

3072:HADWbKzKbQmSVdSme+xmJyD4BliqzsmmEpEmboQd+ccewkyeZyYPuvGCJ30EZ0dj:HAVySV1eY4k437d+4wkTHdS2L

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	7f0522c79a9d65ebacc800382a4c3931_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2920	7f0522c79a9d65ebacc800382a4c3931_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7f0522c79a9d65ebacc800382a4c3931_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7f0522c79a9d65ebacc800382a4c3931_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4744,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=1040 /prefetch:8
1⤵
PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads