Analysis

  • max time kernel
    136s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-07-2024 14:23

General

  • Target

    53619927cf67acf49e20eace6ff246eb_JaffaCakes118.exe

  • Size

    88KB

  • MD5

    53619927cf67acf49e20eace6ff246eb

  • SHA1

    ad440daa78e96b7c2497960bcfb73134405abe11

  • SHA256

    ccfab06fdcc0737b61bca457962004418ed83a41b04be97feae36f4ff4968acd

  • SHA512

    409b6984ead918bfe39ba0d5d82d3d6a9ac46251622c9c2cc49e2052b399da544ca70ebd134dc6c05248f999912af4af377f3c3d6892d1fbc09fcfe930cb7a05

  • SSDEEP

    768:YzFJMpPMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66l2tz7vM+Yvl2yKHJTvP24O3:IYpkNW71rcYDAWeotvXlc3tFyOe4O3

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53619927cf67acf49e20eace6ff246eb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\53619927cf67acf49e20eace6ff246eb_JaffaCakes118.exe"
    • Checks computer location settings
    • Modifies registry class
    • NTFS ADS
    • Suspicious use of SetWindowsHookEx
    PID:3940

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\q11.exe

    Filesize

    56KB

    MD5

    5c9771003b235be2c59a2a494c3126ab

    SHA1

    be2503e7c7d14525b9a20a84070182fd4a93a6be

    SHA256

    d5b379d663e2e645f429a349fa9014a7235a7e83e02e1910372507dc3a945419

    SHA512

    99c7b5a0ac001e986d862ac7c580a679ed82588c2487612032a60a7f858b919e8027a398e3d54e6b9df536606fed5e41325ed4a34fa195c2733f1c61d1673f38