193ff5c20f9109cfea9d8e0cac930d86482630a4a2fa3b46f94a5e15ca57a362

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 04:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

402786f6ad317c5544c9c341a2e102a1_JaffaCakes118.exe
Size

55KB
MD5

402786f6ad317c5544c9c341a2e102a1
SHA1

2ea5476c3d3768080761a46f7151ee595818e4a6
SHA256

193ff5c20f9109cfea9d8e0cac930d86482630a4a2fa3b46f94a5e15ca57a362
SHA512

ddfc3e88f6d001b22e4b4aeac08559d1105cbe812d96e2f206f9097141babac077f3379dd03c16bb52e736638955a6ca48d51b3b11643018cff6b78fc4fbc1b3
SSDEEP

768:05AiIxdjMxIzDfs8AnREighegB2hEDvAn9KXLmuCLwYZ:05AiWjMmzDfs8A4v29080YZ

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation	402786f6ad317c5544c9c341a2e102a1_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1900	402786f6ad317c5544c9c341a2e102a1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\402786f6ad317c5544c9c341a2e102a1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\402786f6ad317c5544c9c341a2e102a1_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: RenamesItself
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmcobj.dll

Filesize
16KB

MD5
2e6a54ba2c50aa0cc627905d6fbc8515

SHA1
969c52f8bb5fad38a1391b926e7f269ef8f7d80a

SHA256
f33c96dd366c573bb6f6550566bb1ce5c2fc19286582ddcf3f7542d4f1152901

SHA512
e1cc37e3edba33bdb11fa307e6cbe9f4b7b75dc1034e1e29b246b30648537ce0ab18f8e51707e68ee8ddac34727f24bdd18aacd9e6d81da923f975868b9e20ee

Download Submit
memory/1900-43-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1900-52-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download