b1e5f143f1d3467f4a2c5f78f556ffd8ba2b1c33bdcd58159f4bd00835cdaa02

Analysis

max time kernel
151s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 10:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae0a3a11f7967cb5be656f08fb110f4a_JaffaCakes118.exe
Size

5.1MB
MD5

ae0a3a11f7967cb5be656f08fb110f4a
SHA1

857feef8f25c6a5261d52242b9494c2798076c69
SHA256

b1e5f143f1d3467f4a2c5f78f556ffd8ba2b1c33bdcd58159f4bd00835cdaa02
SHA512

6321d76e72e54f1b3bffd05464461d1e4a38dd976d5921ffd8422892a8a28bc45f741e12b216d48c06bf76df019f0d123f9cbd9ded3be825fdff411c84164158
SSDEEP

98304:60W2r2SZ5RtL1ln3Tk88tKkA1i5BxD9f8f/UR+ANvs/hQPtOg3ZmaR9HRAD6Plu:1XrJ3Lj3wxtgcFZf8HDANvehmcg3kaNu

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4472-0-0x0000000000400000-0x000000000044A000-memory.dmp	upx
behavioral2/memory/4472-68-0x0000000000400000-0x000000000044A000-memory.dmp	upx

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	ae0a3a11f7967cb5be656f08fb110f4a_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2460	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2460	setup.exe
2460	setup.exe
2460	setup.exe
2460	setup.exe
2460	setup.exe
2460	setup.exe
2460	setup.exe
2460	setup.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2460	setup.exe
Token: SeDebugPrivilege	2460	setup.exe
Token: SeDebugPrivilege	2460	setup.exe
Token: SeDebugPrivilege	2460	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 2460	4472	ae0a3a11f7967cb5be656f08fb110f4a_JaffaCakes118.exe	91
PID 4472 wrote to memory of 2460	4472	ae0a3a11f7967cb5be656f08fb110f4a_JaffaCakes118.exe	91
PID 4472 wrote to memory of 2460	4472	ae0a3a11f7967cb5be656f08fb110f4a_JaffaCakes118.exe	91

C:\Users\Admin\AppData\Local\Temp\ae0a3a11f7967cb5be656f08fb110f4a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ae0a3a11f7967cb5be656f08fb110f4a_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\setup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3696 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:3972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Skin\Inst.json

Filesize
6KB

MD5
0159e63a0a2cb0607f1ffa0d9eecdd97

SHA1
ccc7353ad12d53a3f897af82d3ac54ab22d4148f

SHA256
e90826157266661ec61cbe3826185004eb7da6b6f56bcddc4d7d17efbfc5bc16

SHA512
079379c97f58c5b3188ab1ac6135ae3776f88246eaf7bd310a0a9a96adbad931274dcf8252161498971b92aeb2db6b2be0bbbe0356630eea397b3490dee11f32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Skin\bgInstFirst.png

Filesize
34KB

MD5
17e6d3b07defc613cb6fc18a331395f7

SHA1
7b04c045b5fff91c8f3ddf2569524bbf2082e720

SHA256
5dfa422d8ac7bbd4593903aa399f64841466043aa08cf22039b80a38033e8ae9

SHA512
6086f909c3a063aeff92872a93c699d043cd950d743b90ed9cc6299c6f5c1cd09b03393549c1827339d2ac9a21907a79c03181e2aad9114ef6f699dc12d6a47d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\setup.exe

Filesize
99KB

MD5
fc01c24fa79f6fb3f095891d1b682b70

SHA1
c8162b297b6c4682f7de105d9feeb925925a3571

SHA256
fa1edf2f6c7b9a1012d5d15515221195a4d65cecc28b6f7a0a0d2c6d3f3e1f72

SHA512
c9030e4145f788501094338ed47ad9f281ad78dd82c5b04effb8cd10c0350ecfef27a015264ffd93fe09f156110ff87371764c0490e4a3907d2c7d75ed1fffe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\bgEdit.png

Filesize
1KB

MD5
7eaf517643009296bc23de505db5599f

SHA1
1b24eee549a8dff02311baccce4a45cea5d3b35f

SHA256
692209112645aa8dfc9e59ddf530be285c76ce796f2b905e90c678ae95dc1f88

SHA512
0eb19490b2449c042236cce2b9461fd86d518b11eeb22449c166ecddbc87d1dc7ff5eee7eac51b317bae4267c67acb0564bde38e7b727c3a32cfecff79a4f24b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\bgInstSecond.png

Filesize
43KB

MD5
1b3e69432aea702ef4a0f370fa068ae5

SHA1
6576fbccb984b9f7888062eb8715076c35da86d8

SHA256
3f9ffaf4c62715bb2b3481890ddae297b18a8a9d9283fa0d9bb5cb862b49da62

SHA512
961332c66b57787ad4b6a84b7a4c55f1435d8430d5515373c6b042050e66e470ce816b5b057fc1a5c2ba8db7598d2cf4ed61422a6f5f00dd4a8c0bdd57bc86e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\bgInstThird.png

Filesize
44KB

MD5
c0cb76871683f8553777a000509e14ab

SHA1
bf764c30f29eae05311c7cfe3854523439f3d4b6

SHA256
54b694e208be2d082d2bfc230efa80775a0875ad2e6bf78fe7621059c292c28d

SHA512
1ae6bb075aa5c498d34e08a37e688decc1fcb9abe6ffc6ea542bb89d86eeb1dcffaa17f8d8ec3bfa21c45e9b8aff04d0cd335fece72b42abd2d0f8aa811a7ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\btnChangeDir.png

Filesize
2KB

MD5
c2bbaa679a890c43f6de5b926d56e77b

SHA1
01e6206280a48f4a0b047835da91c420120678a4

SHA256
d3a4ba1b3fab9d5c5042a9bd54aabfadeea681fbb2cafd5cb00bf240892adb87

SHA512
8335fcaf21290cbdcfbf78ae7ee9dd6f17d4c6cece60dead10e495239a03aca04ffd19a50c29f0356fb3661e003c8088e7c265184ef4c20408e1373e5c9e4cad

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\btnHowUse.png

Filesize
1KB

MD5
2f73902b05210729070c2862608d49e0

SHA1
3189c37d0d1ae227b50e87249e258d06f0366275

SHA256
69aff3d18caf09dec15efaa80057ddc2e749ada9170da7f5dc48b56707cf4ea1

SHA512
07b47a4cae708396836a79ad1a9228d3e5b775e100d7c8699e04dff9bfce1a03df8287b9e30cb9e2b2ed25e55fda474eba323d466af9f93e2a0e0ca695328d65

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\btnInstClose.png

Filesize
1KB

MD5
9c39df2bfbf550067587d2558e72d807

SHA1
89038ddbcbfb0d847ac4e2dd1fcfeda710b92fb9

SHA256
e35ac727677aad4f18c8083e948e7d8f125f02d02ef1be572435b138d60f0044

SHA512
f177b02de5710d320efb3a5e1d39d67cb2484cfe73287098b76ee001f42a3b6301bc41c16eb33577ed4f554ad635c4f7767dc410dbf5ef2de8e13ddb39f55b2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\btnInstCustom.png

Filesize
1KB

MD5
87bdb204984b9306fcc8ed5aa2b5f12b

SHA1
bf94e5f82aa94b969f4dfe03522df9d0c3cee3df

SHA256
0ad8e731bdda77410041c3b959299b0c9ca06547e8004330d4e2e2f333a57ccf

SHA512
2a913303f0e8e639f53f2ed4831ae56f6806c6bc4cf484651d581c8e9991ddd52e39f3c42e9a9a3ab76cc9e172605a99b4a776def790920bf54de241f18d8b7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\btnInstDone.png

Filesize
1KB

MD5
f2c9dfa8e7955f977c3d51a4fe5bca2c

SHA1
c3ff868077393210c9700307ba348f6b2c7671f3

SHA256
8d453657e06c43776cffcfe177a7264178e8c8ffadf0ddebec18322692bf04fd

SHA512
3ebe1e06cdd2d386ae2e736cd5b4d5cce6004023233f4a9675dc5a88a6e6185b901e526d35da84f796778ff32faad26d5fdfa5526534988b5379b6bfd6efc972

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\btnInstMini.png

Filesize
939B

MD5
85a99c763425e06a9bf97416df0af5f7

SHA1
27693dcd29d1b4751e6cce87b91c840f36e2f3b6

SHA256
338d999814b82cd2dd2cb8d71d387691f65a0389be9114a5f8d7fa3105ef1451

SHA512
5d7c0d23fb86d9fc6ec8ac4d6091a4b9fbbb74123bf0b7dae8e7f42532581ea28d4786bac2ef45c5db9e257c4d034d96f1a5c0b536c77dce214b44dfbf6f6196

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\btnInstNow3.png

Filesize
5KB

MD5
b33a3218916c7033b0879ca902c82d7f

SHA1
5323f5839e0727adc269fa1e715258b61fcce8ed

SHA256
04cdfdcf65dd88dac239acb7bf58f1b940be37c7e016601be5da3fba1dcd11e0

SHA512
8ca1900820305d4ab8d87874913412596696b1f666ee9ea4da563ca8889272628a347a7562fd2ea36397bbc12ccefb156366c42aa7244677b4cf69219273ab7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\btnInstNowSmall3.png

Filesize
4KB

MD5
2f64963954fbe4c4707768ec4181bc0d

SHA1
9af4041b57aa2d8abdd986559df49768735f989c

SHA256
778f107d099f66364d5726d998b5b530774e9bd162f6b1e50d4c57557e2ef1dd

SHA512
95306475082dad47710b55db17b6c12f3e88383237fa443975061c6cc5c3acf83446c811d941df51a2314bb28277c25aafe6383e4df91396280ede2e9b76016b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\btnInstReturn.png

Filesize
1KB

MD5
42976189bf20a509176d6b789c82019c

SHA1
a340df7dc405447180e974a7a28f33f330a6d619

SHA256
c28123fe623dbc43340ea6af30228e4485083bab0e19d6095fee3de62fd8ffc9

SHA512
f9f0ca0db9864685802c0a352af8382b5e6fdf0861272063d49ab7840894e991b67cc8587e2cd915b946e0b7c8ff35d4a28ddc4ae8bfe7b7a1b1e334e83696fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\chkbox.png

Filesize
1KB

MD5
9a0b765e2182adffac1082adeed571dd

SHA1
3302f1d569816d2b6cc021c2da97e8db0cf2be48

SHA256
07b61cc809889e8ea2f9452cf502a695763b65cde3fab019586aa6000763524c

SHA512
943a5be927b515b28356e84ee64f5126beacf708c4c27eb6d625bef342a385363bc9b38dcc61927dd749fac453375acfb81631628dd5ff89b3154b5c66959191

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\skin\progressBar.png

Filesize
1KB

MD5
9357fae7fff191d815f13c0b81cad9d7

SHA1
27fa6ac3cd791f8799798510d1022d532d867abd

SHA256
1207fe4ee4e65d431e54f58d8c9e046b7a12666e1c5ee4ccf5565937368ccf5f

SHA512
15ca6dcc4ce1e767d9a3ad97f5362a46aee807657f773d3237260900af5036b184c1f14f7c624d0f74ea7244620fff96ddf427d5d08b703749edec6db99b8398

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\wizard.dll

Filesize
2.4MB

MD5
e42768234c7e0566b74366c0bca0daaa

SHA1
82fa37850971f13e72e19fa882987a8153e55eb3

SHA256
7cb3bc15ae22fadd65ff7e41ced7d638e9cf79c45fa73d359b4f4c85b9d700a1

SHA512
a2babcbca5c91a6810094a1e82d4c18cd0820bbeb4e8d2ffc9e09d4b454a6363b19473706bc71aac0c27c85081665021ee7e94ddd5c65150204b258470a68e23

Download Submit
memory/2460-70-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

Filesize
4KB

Download
memory/2460-64-0x0000000010000000-0x0000000010261000-memory.dmp

Filesize
2.4MB

Download
memory/4472-0-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/4472-68-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download