33dc99dd0c1756546625ad7ae9b557a6bcfc1e115fa6b816d46c76b8269b6944

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 08:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ca0634ecdaca5bf54f327e0daef3095_JaffaCakes118.exe
Size

81KB
MD5

3ca0634ecdaca5bf54f327e0daef3095
SHA1

1d7a34c927999dc797cc0e5cbae7861f5ee4b691
SHA256

33dc99dd0c1756546625ad7ae9b557a6bcfc1e115fa6b816d46c76b8269b6944
SHA512

01fbefd0fc5920be1f2425403136f7b81e1567d95d35b57a137c85153a05fd319bdfc6614ac73dabab651cabf2d8f4db869e592566154180eb161fea8e8dc154
SSDEEP

768:CI0JZbxR2OjXwSP7btrKYKRb7YELnupXt9XzWfTF:CzZRXw27UYWb7jLwjSr

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	3ca0634ecdaca5bf54f327e0daef3095_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\3ca0634ecdaca5bf54f327e0daef3095_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3ca0634ecdaca5bf54f327e0daef3095_JaffaCakes118.exe"
1⤵
- Checks computer location settings
PID:3888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3888-0-0x0000000002170000-0x0000000002188000-memory.dmp

Filesize
96KB

Download
memory/3888-1-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3888-2-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3888-43-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3888-46-0x0000000002170000-0x0000000002188000-memory.dmp

Filesize
96KB

Download