93d9929bd1ee8fb84f3ac6d6aafb5955c2f8a8f0cb8319b5546cdbaa8f852af0

Analysis

max time kernel
140s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5fec04f9c87894d236f36d94c046617_JaffaCakes118.exe
Size

47KB
MD5

f5fec04f9c87894d236f36d94c046617
SHA1

bcb91a95943caa1250450cb7f31fce295d79e9a4
SHA256

93d9929bd1ee8fb84f3ac6d6aafb5955c2f8a8f0cb8319b5546cdbaa8f852af0
SHA512

5c0aebb9ce59569c05def9f1786f8053a7a79f0ea9807f1f6db6bebf8eb34b547298005103ebd249904a9809404e3e1cbc3e2524ed7cc17e23c86bcdbc58f7e7
SSDEEP

768:WQmFXYDHFlVD20CbDhN5GcF0juVA8IBwV4qgDC/39h:WQSoDHbVDg7UfjuVlhVh

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	f5fec04f9c87894d236f36d94c046617_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f5fec04f9c87894d236f36d94c046617_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f5fec04f9c87894d236f36d94c046617_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f5fec04f9c87894d236f36d94c046617_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8WYVOD7\showthread[1].htm

Filesize
1KB

MD5
37e48bab25eb73fad50567c1b4932edd

SHA1
4b26a8ad91d4f94a38886f8b0d60793301f77133

SHA256
9a7542fbcf0a06197ee44c851b28fab213f08f15bb86bfd9653a874ce46c85c2

SHA512
3213d35f9ef884920ec08914b767b125f9c05f08c9c5591d0eccaa45121cf349bd23badd631455e9574cf03f0108a65294d2e5ea4e6f4bbaa7524e733781ca71

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc87.exe

Filesize
1KB

MD5
f242ab1198d7ac959e0c651d7117472e

SHA1
50875943350f99eeb01501261d476ba67fa0e293

SHA256
b8673d414425e0e867434960b9a6252442c17bcccb6bbe57393ceeddf286254e

SHA512
705ba5f9ede97b07fc0a1516e574da5dd2df930ebbbf834887148269e723d942b3a8e04457d429260c9a27c38378fea46df11c5c1f63ade8b5f4a9550c55378c

Download Submit
memory/436-0-0x0000000002150000-0x000000000215F000-memory.dmp

Filesize
60KB

Download
memory/436-1-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/436-2-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/436-43-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/436-54-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/436-96-0x0000000002150000-0x000000000215F000-memory.dmp

Filesize
60KB

Download