Analysis
max time kernel: 149s
max time network: 101s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/07/2024, 23:25
Static task: static1
Behavioral task: behavioral1
  Sample: 2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
Target: 2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe
Size: 100KB
MD5: 2a285658b1fe8a572b22081b538dda72
SHA1: cf9b51945707d2b6fb6d2b2ea475b224d80ff881
SHA256: a085d5607ac92b73be8daad2d5e89727e067684dcb9d4bf0601dbda12de00152
SHA512: 58f722497fb409607d66713e32c2d1884017b51791b29adf0c136cf8be1bdb655538ab77d29585261228b3f66746bdb203f8fd7e46e3d368818a97232d0566ee
SSDEEP: 1536:JJ18iAuismyWsYJciNRw0wF9MGM9K/lKtNgCMbATbL3N+NM5EfbNIjP:PYdNtTLOM5sCP
Malware Config
Signatures
Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | 2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | miogeal.exe

Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\Control Panel\International\Geo\Nation | 2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe

Executes dropped EXE (1 IoC)
pid | Process
3948 | miogeal.exe

Adds Run key to start application (2 TTPs, 52 IoCs)
All 52 entries are "Set value (str)" writes to the same key, \REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\miogeal; the value written and the writing process are listed per entry.
value | Process
"C:\\Users\\Admin\\miogeal.exe /l" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /w" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /S" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /T" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /r" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /I" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /O" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /v" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /N" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /t" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /b" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /z" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /m" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /M" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /c" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /j" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /o" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /p" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /n" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /K" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /a" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /k" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /y" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /R" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /D" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /h" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /U" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /V" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /X" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /W" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /P" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /H" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /s" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /q" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /U" | 2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe
"C:\\Users\\Admin\\miogeal.exe /d" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /E" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /Z" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /G" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /A" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /u" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /L" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /i" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /f" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /e" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /x" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /B" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /C" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /Q" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /Y" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /F" | miogeal.exe
"C:\\Users\\Admin\\miogeal.exe /g" | miogeal.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid | Process | entries
1520 | 2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe | 2
3948 | miogeal.exe | all remaining entries (the signature reports 64 IoCs in total)

Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
1520 | 2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe
3948 | miogeal.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1520 wrote to memory of 3948 | 1520 | 2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe | 85
PID 1520 wrote to memory of 3948 | 1520 | 2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe | 85
PID 1520 wrote to memory of 3948 | 1520 | 2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe | 85
Processes
1. C:\Users\Admin\AppData\Local\Temp\2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2a285658b1fe8a572b22081b538dda72_JaffaCakes118.exe"
   PID: 1520
   - Modifies visibility of hidden/system files in Explorer
   - Checks computer location settings
   - Adds Run key to start application
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\miogeal.exe (child of PID 1520)
      Command line: "C:\Users\Admin\miogeal.exe"
      PID: 3948
      - Modifies visibility of hidden/system files in Explorer
      - Executes dropped EXE
      - Adds Run key to start application
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx

Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 100KB
MD5: 913b6805e65bae35e7125df9e1096c93
SHA1: 95d33e3c569c9c0e2401f11a29c5c2537a87c0d7
SHA256: 958f9116add090657a468180d79273328769c2d6af3b3c0b32cccde803aa8a17
SHA512: 8fd5ea4e694e549037cd9a31015912d810804d3c51c7e5616e758993421ded83c08fda88f8f879cd15b3462cc28d1af92519f5678820ea648e526ce9198d2768