Analysis
-
max time kernel
140s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
03-10-2024 18:29
General
-
Target
1012b06ae63386e33eca4634acfb2e29_JaffaCakes118.exe
-
Size
19KB
-
MD5
1012b06ae63386e33eca4634acfb2e29
-
SHA1
6a86ca095a02bdaa779c5588d7de70d97c521a70
-
SHA256
c59205f49328d12b9ab83bda148753c762a83df93d6bee97c550f25dba4eff19
-
SHA512
cc54ee37e539080831dbd1a8c055df51967f10637ed5e62e6026032de2fa2d7099270b30a45d3dac1ad1e4fd0dcf01f85458ab1229021828addd21b8d56a1e8f
-
SSDEEP
384:dRdCy1MqlWM4mQ24lSFkKZNlsbzAlq1UwmzkwA7mXBaPr6:VCyCqlP4mQDe1q1M4O8Pe
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1012b06ae63386e33eca4634acfb2e29_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1012b06ae63386e33eca4634acfb2e29_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add hklm\software\microsoft\windows\currentversion\run /v services /d C:\windows\services.exe /f2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry key
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48KB