939d340c782bc0348242686c9bc8dc4889253fda71b3719a93e9131b98db00b8

General

Target

f6592e38e77d6c5397858b6af72d57cb_JaffaCakes118.exe
Size

65KB
MD5

f6592e38e77d6c5397858b6af72d57cb
SHA1

23bad5abbf691609fe4f4c3e48b7cf7ea93bad7f
SHA256

939d340c782bc0348242686c9bc8dc4889253fda71b3719a93e9131b98db00b8
SHA512

8409b079809308a06e737a000bb619ededf1d0c3dc6bafa0d9765e82eeeeae02bf6c8a187e86e8284eec6e2afe14a71b01bf7bb49316ac3f9a7955ab416b03fc
SSDEEP

768:PAFu1AP7bfEWs9VkPa+9CpYCFS3y4ahYiwK/1p7vPLm:PYxEWsMJ9CpYn3kl9PL

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation	f6592e38e77d6c5397858b6af72d57cb_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f6592e38e77d6c5397858b6af72d57cb_JaffaCakes118.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1956	f6592e38e77d6c5397858b6af72d57cb_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f6592e38e77d6c5397858b6af72d57cb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f6592e38e77d6c5397858b6af72d57cb_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc145.exe

Filesize
1KB

MD5
f44c7f93c0d2302892a618edf1100af3

SHA1
fb76b1c1a1f72963b5da62929e3840d44c6d1c21

SHA256
533ffc261f4af15cf27bee69ed4ec50d20de0f077b52e7e2b53bddf0649e13f1

SHA512
24f98776df92921fa2f8e8cf4ed05a5ea64dd768e5e808339ea184de9f3be582f6c47cdc564d39e22e04628d9e012736147199fd4c5a74f5059c161f19b7e2f0

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc55.exe

Filesize
1KB

MD5
7b00e94561107b6399f73c05e2edddde

SHA1
63459cc68500881e44e83e4c039905f1a0a1dcfe

SHA256
55199f068d45a99c2713f8f340316390acb2085f0db4b2d207eeeac22055ef45

SHA512
82600112e54063da639549eb91fb4d6f1928fc900e0498c48091a409e72eac6f93ac7c9c8a5d94157557ff144904c2fb4f9a7acc3d0ffbd28f6cc5dbe1a5ddc7

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc55.exe

Filesize
1KB

MD5
d41482871763c5b7b211b4282806edc9

SHA1
49a2465ade673b7c15feffb433490ac55abe9e55

SHA256
f3475e7f09c63ffe3799c56b9b3c0a46f1e2cd7b5b1836a8c41e7f4f9434418e

SHA512
e7b015c39d9594d72fa6057a1257765bbe610ca0ab747908f7a0fa062853a35cb1635d0a539d64c8a991f788d65731d7799fcacc443372d24841e4fcce16e2ad

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc55.exe

Filesize
1KB

MD5
f1f46016079e4464dc664609888e3a14

SHA1
c0424f8b032b29d344959ae754945cf8e869b373

SHA256
e0602ad0efb0fefdbf530c5c932db03e39b32032f67a566890cd4d2144857dd8

SHA512
d1c210c4b637933fd4133135fb96cfcc66e3ce65a963ffe9186bcf27bc91c40fb564ebc7d950b917eb3360f0a8314fea91d2b2688c05ffa06cc794bf18329de4

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc55.exe

Filesize
1KB

MD5
d05d80d5c7f7383fd566a27826d80e38

SHA1
abd0d3672babac3275b69c494b197202b00a390c

SHA256
3f8830a86c4fabc0c31fa6971d74e487427dd5f85e6ca525aff365cf4c1b3b50

SHA512
ae8a8de0b66da4922313e655471ff88e21179f828e8ca14d29115cfc00fde45a96c58d73da3a36fd18e6c547568cda751199b8dc30761a86ac35f972f3913fd4

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc55.exe

Filesize
1KB

MD5
25b86d2ae9fb2e86081356483f32c53d

SHA1
87c5ad6ff93a9b25fe2b1f9634691b8c58555314

SHA256
31ba1680a5080ed96f09ae35c6f2436e6c44363252c25cbd7a922fd5453ef2af

SHA512
91b2847998babb2268c6886c9379a8904732f8d0283d774992b7431be6835255d3530af25c66afad309a9dda52bea47d34aab26943ffcd9bfb5221f5942a60c0

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc55.exe

Filesize
1KB

MD5
b89f836909c2c383f691c07b47dcf7dc

SHA1
00b1ecdaef40c5566bf7fdf6dcf5d5055d21ef47

SHA256
c7c604198bfe36e869afd621c7ff89b3a0be7164e54b35a297a967f17ddb43bc

SHA512
cbb10e8c404f6d297036b6414afa10186a9c2ff05108f30baac7e9310f22bab9a1e66a2f95380ffd0f97a77195278476221eb891a5f8521577cf34f1f41d8595

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc55.exe

Filesize
1KB

MD5
0497bfcd9d498a0ebc60a26ea63fec51

SHA1
36ad5b9d79cd24670d800079c935346d58b040e2

SHA256
c9caf8043395965cd1427dce3a854b9a4db15a25874e2a883bc6f5ad03f36fe2

SHA512
6cb7e2532e1a0331957dbcbb5569a4700cf3fdad3cef43006b06af6c4d433ca793e1afa73d63520a3465367fdd9f2f682ba768780f13fe2365008fbea19d1b28

Download Submit
memory/1956-43-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1956-98-0x0000000000220000-0x0000000000234000-memory.dmp

Filesize
80KB

Download
memory/1956-55-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1956-0-0x0000000000220000-0x0000000000234000-memory.dmp

Filesize
80KB

Download
memory/1956-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1956-1-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing