91ff900fd913ae4112099bd2063e20c859d3d6d82deb80e1cec35755f5828301

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46098d5b197a07d66b0c19613850b812_JaffaCakes118.exe
Size

124KB
MD5

46098d5b197a07d66b0c19613850b812
SHA1

e94b7ac1e8a8d4f253fd0a533dd7a06f83ff744b
SHA256

91ff900fd913ae4112099bd2063e20c859d3d6d82deb80e1cec35755f5828301
SHA512

3bf5d111d65338d258deb67ba4cd575864e5a560391539c03bbae065f7c15b2c24a1da6806fad1cbdd02729d8b40de75a00d5e7497e309a243240cb6c6baee77
SSDEEP

768:27v+xk0gFiNMZrWjM+9Z5nS0LAy7Pu6slcTBBW+9Bkhkx/iRerSNmKFaxb1RxjYu:27v+xkENurWNn5nS0LlKkleEci5RhB

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	46098d5b197a07d66b0c19613850b812_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2960	46098d5b197a07d66b0c19613850b812_JaffaCakes118.exe
2960	46098d5b197a07d66b0c19613850b812_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\46098d5b197a07d66b0c19613850b812_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\46098d5b197a07d66b0c19613850b812_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\start1.exe

Filesize
486B

MD5
2414f3bb46f1e65f861a4ea58e4baa6f

SHA1
570a4528ce5476cda8b7ee6322a65d66a3553e75

SHA256
8fd64d2bd8584b60e8df586f8f163f40ce4b8267817ee5b526b0a7d16cb42c67

SHA512
f59aa4e7991ee690cd7851e49e271cef2ecaa35befd15fc36d4f69e910710f83ee422b3d479e4085530a8bc6f31ce0714966c5c12a4454d0f2b101e4a7283609

Download Submit