a1e200caa2ac562088a6eace3a11fbb1bcb19319ea850f52e70cc8093c6eb13e

Analysis

max time kernel
133s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 11:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0a9ef50fec9cf1b467d27f8d002dbeb_JaffaCakes118.exe
Size

96KB
MD5

c0a9ef50fec9cf1b467d27f8d002dbeb
SHA1

a5cbbcb86a41b5d00ceb1ce7800386b59e85dade
SHA256

a1e200caa2ac562088a6eace3a11fbb1bcb19319ea850f52e70cc8093c6eb13e
SHA512

6593dd361b1cd32f641658274221ebb5a0d7b9bb24f382a7a40c39c74e705fb41742056cbb22a8b9ed198c28b35d5ee27d498742a84e26d4c0db5a14d8a376bd
SSDEEP

1536:mwXJ/ZwqdK8aYW6yUQ0GDwg0LBJHVTK6e8FsTQvJatgE1TKV/XpT:15/ZhdAYWcjqwTVTKz8vJggEhOV

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	c0a9ef50fec9cf1b467d27f8d002dbeb_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\c0a9ef50fec9cf1b467d27f8d002dbeb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c0a9ef50fec9cf1b467d27f8d002dbeb_JaffaCakes118.exe"
1⤵
- Checks computer location settings
PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CryptedFile.exe

Filesize
56KB

MD5
21f2bf3e5cd422512d2a1c6b9bcadae6

SHA1
cc67f7054b37855e2223473eb520f8d86c5ff910

SHA256
5d40e719603b98eba032386f3d21148b6619b62749950bbf808c6f6803ea08b3

SHA512
d7df7914d7fcbbcb2584524c8dc4fb3480bfea81a3f81683ae0bf42b279d03a194dd441d13330711b95b55bf9f2557a99d862f4ef0b42db1b8b79dc764a2649f

Download Submit
memory/3680-0-0x00007FF8122F5000-0x00007FF8122F6000-memory.dmp

Filesize
4KB

Download
memory/3680-1-0x000000001BEA0000-0x000000001BF46000-memory.dmp

Filesize
664KB

Download
memory/3680-2-0x00007FF812040000-0x00007FF8129E1000-memory.dmp

Filesize
9.6MB

Download
memory/3680-3-0x000000001C420000-0x000000001C8EE000-memory.dmp

Filesize
4.8MB

Download
memory/3680-4-0x000000001C990000-0x000000001CA2C000-memory.dmp

Filesize
624KB

Download
memory/3680-5-0x0000000001810000-0x0000000001818000-memory.dmp

Filesize
32KB

Download
memory/3680-6-0x000000001CB30000-0x000000001CB7C000-memory.dmp

Filesize
304KB

Download
memory/3680-7-0x00007FF812040000-0x00007FF8129E1000-memory.dmp

Filesize
9.6MB

Download
memory/3680-8-0x00007FF812040000-0x00007FF8129E1000-memory.dmp

Filesize
9.6MB

Download
memory/3680-19-0x00007FF812040000-0x00007FF8129E1000-memory.dmp

Filesize
9.6MB

Download