Analysis
-
max time kernel
94s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06-09-2024 04:44
General
-
Target
ceb006de325ff4e59ef29b36ebf5542c_JaffaCakes118.exe
-
Size
33KB
-
MD5
ceb006de325ff4e59ef29b36ebf5542c
-
SHA1
e7c5f4434a5f1ab8c1ee95d633e7346e14f88fdf
-
SHA256
001ed6f033379beff996b353657e1106eff33dbbd5cbf8df70beaf9fd82d72a8
-
SHA512
301f1d7666c5fad7a15304363d5f09656c985fa91846c4154302e32049e0eb0580423a4f2e1c9e6ee26c8e3b4f2b0ac61d879950ca03167deb9656095c616a5a
-
SSDEEP
768:dYGHFaaDakfpYnPBhuSp5Bm1hPlImmCZBxzAp6Ztp6AaK5FW:dYGlaaDakf2Sw58lfpZtcAx5F
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ceb006de325ff4e59ef29b36ebf5542c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ceb006de325ff4e59ef29b36ebf5542c_JaffaCakes118.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\CEB006~1.EXE > nul2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
134B
MD54aa7a432bb447f094408f1bd6229c605
SHA11965c4952cc8c082a6307ed67061a57aab6632fa
SHA25634ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
SHA512497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c
-
Filesize
64KB
MD5f13f1a4bbcfb074b66842fdba4b342c2
SHA1f97ecbe7f96792e52ed7e8e19a3ac6e4f5cdc96f
SHA256b2ae93cdd8a3e620f098d95606b4d692916955fadb37c715fc30ef873473a1a6
SHA5121cb93c2cf1e60f4c8a2c43c03327b97851062223605e2dfcbb4b91584fb59bfacd615387aea1ede38c43477c405e247924250cf1557aa3e54c4586eecaec18cd
-
Filesize
16KB
MD5846b00fc9b4f5d66083d682a0e759ba3
SHA16a070f495bf6d4122a296d06813a90230d1cf236
SHA25632eff1cf4fef70d9a207b2d5ee09fec92726f2e3c2ae878b01758ec95fe8e078
SHA5129617598fbbe6a04baabad70e71f8c6e0897e9feaacc592770b827c6ba924664cc69c601cd58a3c0ab97536f7529278ec00dc89b6ee936b97634944bb39ecac18
-
Filesize
1.6MB
-
Filesize
40KB
-
Filesize
120KB