61e0355740087eb25ffc65c8a5c2973912d032bb0f810a7d29a2ebd6bc8d3548

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6986053c0e98716f40cdf39c1a9bd92_JaffaCakes118.exe
Size

448KB
MD5

d6986053c0e98716f40cdf39c1a9bd92
SHA1

6267dd87b2e6008fac9710429d9c69bb8e9c4cdc
SHA256

61e0355740087eb25ffc65c8a5c2973912d032bb0f810a7d29a2ebd6bc8d3548
SHA512

a511aab9200e92455c0a08d8432dca7ca180108a7eb6e1d340f37bcb5747a809bc0865ff7ef9d220e2c519b99c94a8bd5107f77484e789414dfea374d8fc0217
SSDEEP

6144:IjCtSOWCgWKXtixQsxxwnwkqk46gWAck0AvbROYBtBtv2dex3jBljONNERyQDf9r:hIBEKXtuWwU47cVEcY3judI3jWA79edu

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	d6986053c0e98716f40cdf39c1a9bd92_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d6986053c0e98716f40cdf39c1a9bd92_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4536	d6986053c0e98716f40cdf39c1a9bd92_JaffaCakes118.exe
4536	d6986053c0e98716f40cdf39c1a9bd92_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d6986053c0e98716f40cdf39c1a9bd92_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d6986053c0e98716f40cdf39c1a9bd92_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\240625500.exe

Filesize
105KB

MD5
e6b2cca2eb9c1b28573aaf39f087b7c0

SHA1
9a4602c015e04b59f16d6c4b61aebfe2b60f5352

SHA256
74b1e1d247b75dea2956f0d46d52afc6a9ebae2b6be98ede6caefe559cf861f3

SHA512
895172d65929e9865260765911a370bfd8ec8a63605a48705940074b2b2e41bf415e11cb6b54ba761bb4ac70c5f6c52b79326135b114604f14621ef09dd95cb0

Download Submit
memory/4536-2-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/4536-3-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/4536-5-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/4536-6-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download