5a676ad13d6e25029e1527d77ee6edc9e9fbeb3ce94bcbee3b305966845985a5

Analysis

max time kernel
136s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 17:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

790d84dcc7befb4028225a80c60642cf_JaffaCakes118.exe
Size

28KB
MD5

790d84dcc7befb4028225a80c60642cf
SHA1

a4206a3a7da093daf39b022b03a9437ba4c319e5
SHA256

5a676ad13d6e25029e1527d77ee6edc9e9fbeb3ce94bcbee3b305966845985a5
SHA512

505dd301b1ce30adb2eb522e0970dc7ca3126cbc08eb9e2bb440fa99dfec3c0b03bd34e3a75c74067f7c00ba559a2cf157e2eca7c37ffe6cd14d4268c3a28c48
SSDEEP

192:/T76jOUpYkfytjOUpY+BarjlIc9Dsy9m9jOUpY+BaryejOUpYkV:/TcXpSpXp1Ba/lIc9DsVZXp1BaeEXp

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	790d84dcc7befb4028225a80c60642cf_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	790d84dcc7befb4028225a80c60642cf_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3720	790d84dcc7befb4028225a80c60642cf_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\790d84dcc7befb4028225a80c60642cf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\790d84dcc7befb4028225a80c60642cf_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\greerg.exe

Filesize
1KB

MD5
71106bb677b48015ba23afabd42607c4

SHA1
38982040e1bcd1ce40c7b37fae21eb570c337819

SHA256
3f9d115a1aa9f8ed038eb64f3733f36746ef6039b3d34e7a41db08c0c3a9dbb4

SHA512
e045a598f5ef29c47c1106e15c9f69f407717d92a0f0b3937c2eff70639a90eedbdc5ca4ca5a0efee758a16a7de6fe83f0c17dcd84f11f353cb049155c9c7ce3

Download Submit