Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
26/07/2024, 10:42
General
-
Target
73b63aaa10eb34ff29f279b65b96c5bb_JaffaCakes118.exe
-
Size
315KB
-
MD5
73b63aaa10eb34ff29f279b65b96c5bb
-
SHA1
117568575639cbb99a98dbb05d5c5de2b61e3482
-
SHA256
e273c45ffaf9860845355bec0c4f3a4ad08b8ef3bec4200f36169b2806f77cbe
-
SHA512
6271ac0663ae8d7ea369360e4ffb7f2a39dd48c820c373f58873089ec28470a0fcbdb5ab118c5da484bf099e041779ccad00fd63581ebb90374f58a8ba0e3695
-
SSDEEP
6144:Euo4d6BDMIOyMj7occlbUTBfl7/AOgnnPVYKm:En4INMdySccY4Thl7/mYN
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\73b63aaa10eb34ff29f279b65b96c5bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\73b63aaa10eb34ff29f279b65b96c5bb_JaffaCakes118.exe"1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /C "route.exe print > "C:\Users\Admin\AppData\Local\Temp\73b63aaa10eb34ff29f279b65b96c5bb_JaffaCakes118.tda""2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\ROUTE.EXEroute.exe print3⤵
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD5013ffd8ea1657abeb6475ba02032f011
SHA1f27339176260ba1776d5375ace1c1f02ebbf06db
SHA256daa901507b56e69da1ebfda9669ed5d8aa4aac179d98f639857a50a637691498
SHA51229239bfba48b533917088a43e306aa8baf9b555a92c95042ea0cf017dca23ef3a52714ce25d417e78849cb79143d5978cf4fb361c4dd4da2344ff31067da29de