Analysis

  • max time kernel
    51s
  • max time network
    58s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-06-2024 07:35

General

  • Target

    a473c320f4526faa293f55a5dbf2a638_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    a473c320f4526faa293f55a5dbf2a638

  • SHA1

    72a26f0ba68e4478407ddfe0cd9c963ac4581462

  • SHA256

    cb0da02521e07f7257ddd35e44595442b357971babf97a8bea2c0a5d4d6e1feb

  • SHA512

    54207c4f1464b67142897b359dc7e99a0706e675fe4ddf574c643ae5239c5e51a681d307d9c3c9473753e73ad2613f682f7bceb741e615b02fba88ecdb0e1bde

  • SSDEEP

    3072:HADWbKzKbQmSVdSme+xmJyD4BliqzsmmEpEmboQd+ccewkyeZyYPuvGCJ30EZ0dp:HAVySV1eY4k437d+4wkTHdS2B

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a473c320f4526faa293f55a5dbf2a638_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a473c320f4526faa293f55a5dbf2a638_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    PID:3948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads