d57dbff4f2692cbd9d8e5049b84565a0b156a089816a09a7b67475a0ee8c193d

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 05:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c25de2a6edb43af1aad8cc94047e4d9c_JaffaCakes118.exe
Size

108KB
MD5

c25de2a6edb43af1aad8cc94047e4d9c
SHA1

4823cc49a5262e688e55df0ea0ae514dc7cd8f50
SHA256

d57dbff4f2692cbd9d8e5049b84565a0b156a089816a09a7b67475a0ee8c193d
SHA512

0084eb0ce5c6a9d6a9f61dbbf25077df8950d4e8e8757b650f8166729a5dd2800949ac87b381ed470182126bb5b71fb76a3b52b4d5216aebbc832733f0456ec4
SSDEEP

3072:uU4VlQ5UNiUHu32GzakKYKMkZUeAzNAONuiXqa/:bysUTHyzazYPkZ9wf

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	c25de2a6edb43af1aad8cc94047e4d9c_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\c25de2a6edb43af1aad8cc94047e4d9c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c25de2a6edb43af1aad8cc94047e4d9c_JaffaCakes118.exe"
1⤵
- Checks computer location settings
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2304-0-0x00007FFD699F5000-0x00007FFD699F6000-memory.dmp

Filesize
4KB

Download
memory/2304-1-0x000000001BCC0000-0x000000001BD66000-memory.dmp

Filesize
664KB

Download
memory/2304-3-0x000000001C240000-0x000000001C70E000-memory.dmp

Filesize
4.8MB

Download
memory/2304-2-0x00007FFD69740000-0x00007FFD6A0E1000-memory.dmp

Filesize
9.6MB

Download
memory/2304-4-0x000000001C7B0000-0x000000001C84C000-memory.dmp

Filesize
624KB

Download
memory/2304-5-0x00007FFD69740000-0x00007FFD6A0E1000-memory.dmp

Filesize
9.6MB

Download
memory/2304-6-0x0000000001310000-0x0000000001318000-memory.dmp

Filesize
32KB

Download
memory/2304-7-0x000000001C8E0000-0x000000001C92C000-memory.dmp

Filesize
304KB

Download
memory/2304-9-0x00007FFD69740000-0x00007FFD6A0E1000-memory.dmp

Filesize
9.6MB

Download