61afaba0f9c8f3990b504eba9074184780ce886b579f05be86b019f4d5042076

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 12:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

061cfeed00bef22552bf78b37a856404_JaffaCakes118.exe
Size

65KB
MD5

061cfeed00bef22552bf78b37a856404
SHA1

dd09ea08cdcd78d5309e093b8efad15bc62ea476
SHA256

61afaba0f9c8f3990b504eba9074184780ce886b579f05be86b019f4d5042076
SHA512

54cee24a4d5c24c5f9ed4bfd18e45609e2899cf708968dac1ae8ccfbef73467c8d8f43c85e22a6801ee1323ba0d950e8c723d158bfa7498704bd0f0cf5840c69
SSDEEP

768:hpuEzmsnz4uHe1QhkzepE72zml0FjisACKCKxhEjDLcKT+sgi:hpNz4uhkzsE7NlQQCKGDWi

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	061cfeed00bef22552bf78b37a856404_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\061cfeed00bef22552bf78b37a856404_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\061cfeed00bef22552bf78b37a856404_JaffaCakes118.exe"
1⤵
- Checks computer location settings
PID:372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc239.exe

Filesize
15KB

MD5
52cae41d1f7fc73621ba0f718b702901

SHA1
ad9cd9224a7ceaad7f33535eb5882b55607f0524

SHA256
269d04eaadfaef381dbc32bb881fa622c5c0046d13ab489f947527cdbbbf675a

SHA512
88eed4d3db48e4e42453de097ce7b49250ba2718b5784598651052353ac08ab87a84f52f9beb97da5adb35fc34da4691b5e803df34952942e090e8d37f61fa0c

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc239.exe

Filesize
15KB

MD5
2cfd253b8f440979337dad00d0d7ee37

SHA1
27aeb6940e4ed356011fc33fe98cb54cfc8579c4

SHA256
1fc14a67abeb0feddf7a73e7f8b9d96e5811b0e1d48d31eea6cec94d0e60bf06

SHA512
0ec4fc64e3f534463a8d825221579a814afec3f0cfa99509a4d7a12aaf561cac66910a8b4436c552d3775319c1e84e1fa22a5e0dd79b1fd2e7add643f2016bb8

Download Submit
memory/372-0-0x0000000000580000-0x0000000000594000-memory.dmp

Filesize
80KB

Download
memory/372-1-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/372-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/372-43-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/372-224-0x0000000000580000-0x0000000000594000-memory.dmp

Filesize
80KB

Download