e9329cae2a90ab2ed4eee37b28a8c663167ed4a06467bbdce86970ced752ce0e

Analysis

max time kernel
134s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14091c28812a420307b51c138f4c4c98_JaffaCakes118.exe
Size

60KB
MD5

14091c28812a420307b51c138f4c4c98
SHA1

7bd509ac6741edd12fe0e736cd3ae58530457d50
SHA256

e9329cae2a90ab2ed4eee37b28a8c663167ed4a06467bbdce86970ced752ce0e
SHA512

dca6ed5917b9820fbc7784dbb4e7f787da52e80fc24125c9e1b7f4b798f630cfc647154d290a9723b84ea69fbb82ed697ea6b852667e7e6b860771883bad4660
SSDEEP

768:E5D+TUYSdpE7TIg2PU+TKobichapVRpn5BNM9Gv1sFAS:sD+kzWJI7btq55nslFAS

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation	14091c28812a420307b51c138f4c4c98_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	14091c28812a420307b51c138f4c4c98_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3124	14091c28812a420307b51c138f4c4c98_JaffaCakes118.exe
3124	14091c28812a420307b51c138f4c4c98_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\14091c28812a420307b51c138f4c4c98_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\14091c28812a420307b51c138f4c4c98_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\start1.exe

Filesize
484B

MD5
eb999eae86d1ce0a05f9fd0082688e2b

SHA1
4733457c1a3c7d10708b223e7db05b90b521d57a

SHA256
46e6ea051929514a54f951738bcd1b2fd5d16fcf4497e0bd91fbb5b6f418a612

SHA512
02b5ea4595ad6e21ff80a5a22315a8f8f73262532830894a527ace2be891d3158bcfe5bb47703fd335f50158571f088eef0f0379c497fb4bda2bfaf09b992321

Download Submit