Analysis
- max time kernel: 79s
- max time network: 100s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 07:35
Static task: static1
Behavioral task: behavioral1
- Sample: a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
General
- Target: a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe
- Size: 1.6MB
- MD5: a473b5198f8f8a862cefab74dadef499
- SHA1: 765ed46149c8ee653125c9d98d27e6e654c8f03e
- SHA256: d5ea117bf8c3f798f9d61f546af074e36f0162ce48af1c72210f76024fef82ce
- SHA512: 59a57c75af8c4a5c80c49f7f4a5fe4592b48c4770de15eef593f6469ab48a087b56fef0783727ad1d8dcf623f981a8ffd0afd35795e8e7cb9a04993f195b0364
- SSDEEP: 49152:WZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S9h:WGIjR1Oh0TN
Malware Config
Signatures
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation
  Process: a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 4312, Process a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe
  pid 4312, Process a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 4312, Process a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe
  pid 4312, Process a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe
  pid 4312, Process a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4312 wrote to memory of 1860; pid 4312, Process a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe, procid_target 83
  description: PID 4312 wrote to memory of 1860; pid 4312, Process a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe, procid_target 83
  description: PID 4312 wrote to memory of 1860; pid 4312, Process a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe, procid_target 83
Processes
- (depth 1) C:\Users\Admin\AppData\Local\Temp\a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a473b5198f8f8a862cefab74dadef499_JaffaCakes118.exe"
  PID: 4312
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - (depth 2) C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\28525.bat" "C:\Users\Admin\AppData\Local\Temp\9225A02077C942F48C2C515CC687BE6E\""
    PID: 1860
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 212B
  MD5: 668767f1e0c7ff2b3960447e259e9f00
  SHA1: 32d8abf834cce72f5e845175a0af2513b00504d8
  SHA256: cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d
  SHA512: c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680
- C:\Users\Admin\AppData\Local\Temp\9225A02077C942F48C2C515CC687BE6E\9225A02077C942F48C2C515CC687BE6E_LogFile.txt
  Filesize: 9KB
  MD5: 472db94d4d3a939955cfc964e0c4d4a5
  SHA1: 1aaf64f4b98017edce4054ec0fb848f8200ca91a
  SHA256: 18440334d72d02943fac432b802a67a45d5b7539e0276dc5b4b5016341728106
  SHA512: c0b17b2e702dafa588877cbe56a15b72cb80e61f626db1deb86707c952a3df67f674a191bff1e2862019f89b05dba6c95d3445e4e0baedc04d9e67ce32cc9a07
- C:\Users\Admin\AppData\Local\Temp\9225A02077C942F48C2C515CC687BE6E\9225A02077C942F48C2C515CC687BE6E_LogFile.txt
  Filesize: 2KB
  MD5: 172e912f5ef6c048e50237180d129930
  SHA1: 780cffdb7b36c1ab9bea5dee4b3f4e5453e0de44
  SHA256: e44699bd9250c04303b28a9a4787b986a90d9dbaddb2b9578885350d679a399e
  SHA512: 02a87af57ee8b60d04c3461637fb371ddc9a64d1b605be7401541c190c5a807706d5b52a2ae2bb95cd9e76badcacceea854a82d96f1bbdd3c0fe2b95053eebcf
- Filesize: 118KB
  MD5: d8debfd93ac886bff230286917310807
  SHA1: ecae62d2eeb608d091427a98865e1652b6bdd941
  SHA256: 83ac957dc66c5cc93d261efd8bd21d8b55658ee11199094e24e9ed88d6ddce1b
  SHA512: dd5a746a62f16a5b2d39ad97b0bb3bf4bf215ca1c8166a2b21d43253828ac62ef3fa34bc6de5ff2b01eab195a9d6adf5f63ed374812002fc5fbe240cfb0a522e