Analysis
-
max time kernel
94s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
11-07-2024 04:33
General
-
Target
37b7348d826d74270f98a4470357fd2a_JaffaCakes118.exe
-
Size
18KB
-
MD5
37b7348d826d74270f98a4470357fd2a
-
SHA1
4c7d319301a5ff5d2cdf2ae29089fb833b5eb353
-
SHA256
d70d4e7b79f86229b6deb2fb08e97a80e372ecba745947fe5b1a4e8399ed51ae
-
SHA512
ac8a630a0572ed4b1ad862a48aabf8c78e31bb4b782f239347e1139952d47cb6f5979e19afc45a9b002230486d2d6a51e954b4c0f8994633ea59d6442459620a
-
SSDEEP
384:7LOwsDhN6zzRCTvYHCvVQK/KXcRY1VDRWK8GulnEuTTtWOeo:psDhN6zz0Uq3KXce1VDRD8DlnEe
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 3 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37b7348d826d74270f98a4470357fd2a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\37b7348d826d74270f98a4470357fd2a_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\awer0.bat" "2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
302B
MD50ca869449a0d821d6a7e9c6f66de832b
SHA13604cf40ff63b3f9d7e091a9a3cb7d7334b7c0a7
SHA2566877a63c55db22933226d43bd599cde1397cd86c3f9329ce9b5b2f2966be4f81
SHA512b8add621c3c88091c917649d5f2628f329f6a91c200884865eba04dcb43317dc7da3e4aff329d9224c71731ed17d95820abd78f6ac6286d27be32a664d32cc16