fcc08da42eac83de7e11c5925489d7228fa6897428d75febce28587453bb62c7

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 10:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe
Size

706KB
MD5

b750ddd67e379270ad286b9afc8e9144
SHA1

4a9b10990547f02d931e2c58e15b132f9bee87f8
SHA256

fcc08da42eac83de7e11c5925489d7228fa6897428d75febce28587453bb62c7
SHA512

ff64ab989a19438068181a71bac230be4b44a2cdc672b27594ee307e406c782ed09dabf87391272cf53ee5abb161b1a16936bd70b8a698fbdd494e7efc3fa09f
SSDEEP

12288:gp/iN/mlVdtvrYeyZJf7kPK+iqBZn+D73iKHeGsp4w11UJ9BRccsa:gpQ/6trYlvYPK+lqD73TeGspBXYVD

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe

Executes dropped EXE 2 IoCs

pid	Process
3584	ScrBlaze.scr
3140	ScrBlaze.scr

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\s18273659	ScrBlaze.scr
File created	C:\Windows\s18273659	b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe
File opened for modification	C:\Windows\s18273659	b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe
File created	C:\Windows\ScrBlaze.scr	b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe
File created	C:\Windows\s18273659	ScrBlaze.scr
File opened for modification	C:\Windows\s18273659	ScrBlaze.scr
File created	C:\Windows\s18273659	ScrBlaze.scr

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScrBlaze.scr
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScrBlaze.scr

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\Desktop	b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Windows\\ScrBlaze.scr"	b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3996	b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe
3996	b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe
3584	ScrBlaze.scr
3584	ScrBlaze.scr
3140	ScrBlaze.scr
3140	ScrBlaze.scr

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 3584	3996	b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe	93
PID 3996 wrote to memory of 3584	3996	b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe	93
PID 3996 wrote to memory of 3584	3996	b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe	93

C:\Users\Admin\AppData\Local\Temp\b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b750ddd67e379270ad286b9afc8e9144_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Windows\ScrBlaze.scr
  "C:\Windows\ScrBlaze.scr" /S
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3584

C:\Windows\ScrBlaze.scr
C:\Windows\ScrBlaze.scr /s
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
f23ef20b23a591f9170876065a8291fa

SHA1
bedf168c17547294345169ec28280afdbe80fddd

SHA256
00f364dc4e833085c9c21a64da45dd3887599bbc551ed1b5cdc7d539c9805cb0

SHA512
2edcc31eb411a867300b7d6bb0a26382476fe2a87aa26aaca57b3fd079161923bd68b7cf66dcaaab9a06acbb696f484a488d5e08578d774cf78d957ad1abbaf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495

Filesize
472B

MD5
e0c50d942eb3dcfacb16e473499e4f82

SHA1
89bee907b2f535a4b1e6d29ff135320da0981965

SHA256
63897126b3840d76366b12a3a096f47131f3b34aa5c240b66bb10d2667128d1d

SHA512
4d61ff961af4c28bce0002571da13606b8515a164753f924e863ea59a7bab79a2a18cb8356fa69014d33c014c47811b0f5e98a63b561738bab7c1f875b0e1be6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_5CF45833F44BFC2995315451A3896ACA

Filesize
472B

MD5
49a0902a67c5c2027b6357cb0d572d50

SHA1
77f96521b4b2a42c937269e8f837c990b3116bdb

SHA256
9fbbaa6931cf0893c1b58f6ca0383b6f96c84d560f7ec16adb3bc67aa3801b34

SHA512
9a2553cd77c5b0273f936063e9ee302144d4f4b9e55ce60db90984cac2f7e66fdcdcaac411308eee17a887b2281b8d5f8e348a5e35e1c0402cd9a538de8c5302

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552

Filesize
471B

MD5
ae5804458807c25cd96c521239628c17

SHA1
0b5854a08edd4568b1a7471bbbe398db8492db24

SHA256
4463914aba0601a72e8ff15d672dd076ed2a82e25d458ccd6a2296425b569f49

SHA512
3778bfeaf5fd268a1e976306195fe50c57b5d13e0801d9e119f4bf857567ef0c09440764f7368cb08fe8901fee35cc82b2be9fdaa2a4a83e4018420a718692b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
301586fe4b4439bcb1c7b6694b36538a

SHA1
0d80ad4e4ec553dcefa00f59f3a953bb3d026754

SHA256
16f4e95351338785ba02436a15e467c25d03f9ad35057ee54c9208c7618c3750

SHA512
c4f73b2488612dfe69cef42c6f09a2af2af27eb8a86750af2f9e79bbd04b51234b06a510d82c08e8900a0220479dbfc5fe2c19bc98032da8e1c520d2d7c19c8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
228e85723fa94f68888dfc6eb5fe4ebe

SHA1
9102a52bf3e8ecdee5ac8463fa429494183e4382

SHA256
e364bccf9b7a1fe400b9a0a885b517215885bd1f1053f18acdf999f788676b4e

SHA512
f58b29a8af28d21589dd077d6688d849ed1ed3000ce11c414ba0f46b5a46d60667d1998506fa2569f930aa8e7289ef43a38f5e936267459a53386587bd4dc7c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495

Filesize
398B

MD5
1e99834b0e7f8b565603cdb7ad16c304

SHA1
702184e580afe59c65efe617d5d94f4dc4e68d11

SHA256
2874c194862dba3f95a25967184b0c77f2197a180b4c57a609c7b3eabab0299a

SHA512
4e4c3ee0201b769988876feaa5053ce62cb0dda98b8a7fcf53ddc10e236ea05b2720a6b5975f972c6a4225e41767fd14d55a357459560923d8c8f7838d87cd63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_5CF45833F44BFC2995315451A3896ACA

Filesize
398B

MD5
a66e28b4e8a335db339f319e67cdad20

SHA1
0d6e2b22845c4261083032bc3764be2167138847

SHA256
cedb2593d072592a3188e87e4db3d3ee017d6b7ca476c2888fdd190b6a50ab7d

SHA512
e4b91dfe552ed50349a5e84012845f9559e65adcd05f66ad4bcb21e95e63c8109ffb968ed56276bfae5b2c9f69f0336ad50f33d7a60ee05f54d01942566dfc56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552

Filesize
406B

MD5
010e6183e9a075af6d835d588d74b6c1

SHA1
764ada3ee92860a7f74eb9db6fafb06939805983

SHA256
36a74f46a7174f47ee722096dc44a354e7c40c2b216bd87cd23c18fc28768dd7

SHA512
171a451669f79e7181b963dd1872cf53f8367aa9619b5419e23f9eae28b96dc8dd9e5e7c4867c8994140570af75473981324db5f2507836a0c68190544bea8a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7TBBQW6D\dinosaur[1].png

Filesize
57KB

MD5
bdda3ffd41c3527ad053e4afb8cd9e1e

SHA1
0ad1bb7ce8d8a4dc8ac2a28e1c5155980edfab9b

SHA256
1a9251dc3b3c064cfc5e2b90b6c7dc3c225f7017066db2b77e49dae90a94a399

SHA512
4dc21ef447b54d0e17ccd88db5597171047112ce1f3f228527e6df079ce2a43a463a3a1e4255828b12f802d70a68dbe40b791852134be71c74de97718b2f1d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7TBBQW6D\firefox[1].png

Filesize
9KB

MD5
7f980569ce347d0d4b8c669944946846

SHA1
80a8187549645547b407f81e468d4db0b6635266

SHA256
39f9942adc112194b8ae13ba1088794b6cb6e83bd05a4ed8ce87b53155d0e2f7

SHA512
17993496f11678c9680978c969accfa33b6ae650ba2b2c3327c45435d187b74e736e1489f625adf7255441baa61b65af2b5640417b38eefd541abff598b793c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BOIFDBOU\chrome[1].png

Filesize
6KB

MD5
ac10b50494982bc75d03bd2d94e382f6

SHA1
6c10df97f511816243ba82265c1e345fe40b95e6

SHA256
846a9b551e74f824fd7ace3439a319b0c0803449e8caec9f16e2666e38a80efd

SHA512
b6666b540aef6c9c221fe6da29f3e0d897929f7b6612c27630be4a33ae2f5d593bc7c1ee44166ce9f08c72e8608f57d66dd5763b17fec7c1fb92fc4d5c6dd278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BOIFDBOU\font[1].eot

Filesize
16KB

MD5
70c0f0ef951a2e8856866e30f22ad27f

SHA1
ed6d4e89e7f003a9fa3320a73141328d8d88bee4

SHA256
770967fee9e6941d5c58bf5c4a5a1f8cf9f675730ca20236dc816cb030a3184a

SHA512
aa012e7048bb8575a3e6ecb510cdb6bddea693fd665566f8f46c945ad5ee05ca62aac8de1bf8d75da61a72a516c5d009cda4add60cfbdea03c31899c60dd55a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BOIFDBOU\font[2].eot

Filesize
20KB

MD5
0777a08c974b6e1714a233493bfd26d2

SHA1
ac3584466b9fa8643038f94cb75e73779d28448f

SHA256
eb39019a7b3f5e99681081ca3b5730d747a65690cd0a1b761c52df9c4746172f

SHA512
aa06adc8b1cb75e9342b426c4596fac55f43e1db01f7b1fe472888102ac95c1a242277817010af8d8240e86321267dbb1a2ac26edacefd6c7e3cc6812910f325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BOIFDBOU\yt_logo_rgb_light[1].png

Filesize
8KB

MD5
d654f892f287a28026cd4d4df56c29c8

SHA1
98779a55fe32a66ebec8338c838395d265e45013

SHA256
fc6f5d8f32f13d5855840234dc1bff5c91c35318ee2192d99b13eb3572f0bca8

SHA512
3668902aeaf792ad73ba51e0a4caaa520ebc38177791dfac9a9b28026c3bde99e721bf54d626f266a19cfd045a6d2dc8c8e70e53a2c5ee524c6f2736bb0ce409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FGWUB7UN\css[1].css

Filesize
312B

MD5
2494130e2dd81fb40051261cac87fa92

SHA1
08bf1ea9863ee62a66bf9a75161176caa5a11cec

SHA256
ad6e8562d7a6a701d734b60795921409d5449b1806b88ffb1173e832c6da695b

SHA512
5defafa591cbe2fce7b02dbde7b9ff834fb0e5a3da41807978560c292aad11546045f8689d7de4d583c1635012bbcda48b8f49bf0588abe8ef50480fbb2f7134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FGWUB7UN\opera[1].png

Filesize
2KB

MD5
5cb98952519cb0dd822d622dbecaef70

SHA1
2849670ba8c4e2130d906a94875b3f99c57d78e1

SHA256
02f95fbdb68f232bffd4f2c0fdd033d6c83b829c610cddccc0b1d43e2274e6a7

SHA512
5f29b7459fbd01e16dbd196e4bcddf109af017cccf31337abe1cec6cc5a84711fc2cd34ad7a35d9432a9d7e42ca23d7f6c9d4315396429d7b8e48b9491696afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LI43KEDR\css[1].css

Filesize
181B

MD5
f407e7b6e7d9fc9da41d84c225ba6dbf

SHA1
2c26b50f87ee2e0d8c2f345106047e2055a147a7

SHA256
df378280434faf25fbbdaf52d145580a12fffdaa2fe3f45f7e24d4cf8f7a13af

SHA512
cc6ff71ed48e437215cd54ab4b527f01935070aeed4e6650c27c0d304eb80b3e7207c859425bd0f770c091c968e45e704c25bec0009dcb5b513823956f7e8528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LI43KEDR\edgium[1].png

Filesize
6KB

MD5
01010c21bdf1fc1d7f859071c4227529

SHA1
cd297bf459f24e417a7bf07800d6cf0e41dd36bc

SHA256
6fb31acdaf443a97183562571d52ce47dd44c1a8dcb4087338d77ea2617b286e

SHA512
8418d5ac3987ee8b6a7491167b0f90d0742e09f12fceb1e305923e60c78628d494fcd0fee64f8a6b5f6884796360e1e3ec1459dc754bbfb874504f9db5b56135

Download Submit
C:\Windows\ScrBlaze.scr

Filesize
706KB

MD5
b750ddd67e379270ad286b9afc8e9144

SHA1
4a9b10990547f02d931e2c58e15b132f9bee87f8

SHA256
fcc08da42eac83de7e11c5925489d7228fa6897428d75febce28587453bb62c7

SHA512
ff64ab989a19438068181a71bac230be4b44a2cdc672b27594ee307e406c782ed09dabf87391272cf53ee5abb161b1a16936bd70b8a698fbdd494e7efc3fa09f

Download Submit
C:\Windows\s18273659

Filesize
978B

MD5
d6912c984c200c1a178071d9e9d3a817

SHA1
2885400e077773df8a0cf6b2190699f669432b96

SHA256
7f9d4a121ec7c1c6f216218dcd6a7d3230b515e4efbe4777f4cf137fdd1a9e1a

SHA512
7f9031bf8684ecfd77746996d0d3ac9d068be17f3ae57462275d579812696901303592b6af40627cdf065320b9485853343d6676de1695bb70a363344ca59501

Download Submit
memory/3140-114-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3584-75-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3584-37-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/3584-76-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/3996-0-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/3996-74-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3996-73-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download