bad67fd572003e65ef6b608aaffbfc229da7eb39a1cead617a4e1f6d837d97c9

Analysis

max time kernel
140s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88693093436c03b2a1fbe0d897a8255a_JaffaCakes118.exe
Size

20KB
MD5

88693093436c03b2a1fbe0d897a8255a
SHA1

8bff167fe80f1d82e4bda7de9461dec6dc90b360
SHA256

bad67fd572003e65ef6b608aaffbfc229da7eb39a1cead617a4e1f6d837d97c9
SHA512

a0cfaef26d35b828ed1704df73cb0d2127684ef4d88eceac7f1399ee2c8d0c243ce05e494f365cb276b2d73cd3a43e8c5fcc84ed990043cfd80b9f16985443dd
SSDEEP

96:/lxBidGguUY9Z6r+UnWSQRZCr5izHG4pKJ4YEiSwoD9yEWGK2AEd2:/TyGBj9Z6BnWZZCFizpM4YEiED9yhEd

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	88693093436c03b2a1fbe0d897a8255a_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	88693093436c03b2a1fbe0d897a8255a_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4120	88693093436c03b2a1fbe0d897a8255a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\88693093436c03b2a1fbe0d897a8255a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\88693093436c03b2a1fbe0d897a8255a_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\NT.exe

Filesize
505B

MD5
18f76684c005f56c5ab0613550464f62

SHA1
ccb4c28ab2e2168347e06d33addbe08abdb1e19d

SHA256
bc3061859a16ba243ecd1ab99b41e4dc6b7f735e2861c2196124e5086574181f

SHA512
d63cf31eca5b540732f66379c956324786d3f600f558849abc22dd706c14e5519461dd3c876bcdfec8480719fb8b19bbf39cf7baf9ff9a8c9bfd15d9633cb30b

Download Submit