0379f22f87db00624d4f2c92dbc93f895c481b67bac13dcfbc270ca95f22d616

Analysis

max time kernel
141s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c90e3c6ef8424cf68816d0980ca0bbd_JaffaCakes118.exe
Size

191KB
MD5

8c90e3c6ef8424cf68816d0980ca0bbd
SHA1

97042147ae708fad89348aa55575e222719e25c0
SHA256

0379f22f87db00624d4f2c92dbc93f895c481b67bac13dcfbc270ca95f22d616
SHA512

0d4bb376428105b29c758d99d52840326547d884935748987058d464433485ae15413198b1edda9b38681ed03e827905a2bf37962af8f5e1af4090715e03ebbc
SSDEEP

3072:HADWbKzKbQmSVdSme+xmJyD4BliqzsmmEpEmboQd+ccewkyeZyYPuvGCJ30EZ0dx:HAVySV1eY4k437d+4wkTHdS2p

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	8c90e3c6ef8424cf68816d0980ca0bbd_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1800	8c90e3c6ef8424cf68816d0980ca0bbd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\8c90e3c6ef8424cf68816d0980ca0bbd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8c90e3c6ef8424cf68816d0980ca0bbd_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3708 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:3164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...