6e28c0d853c13e15598a264a38280d7ab7e4e9103274aa4988552f623e589f18

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b1417a66a4524347128d5981be406db_JaffaCakes118.exe
Size

117KB
MD5

2b1417a66a4524347128d5981be406db
SHA1

beb2db1a62525f9593987620e03ce3f8cb6524eb
SHA256

6e28c0d853c13e15598a264a38280d7ab7e4e9103274aa4988552f623e589f18
SHA512

f399d3d86899b1817bfac260b4e131b817dd901d419adfbe70bef5efa71ef50e496321e79112dca95bac12ecb9071a7c1bc74d268e9101a36471f01969b8b617
SSDEEP

3072:4dbOM7xMn8o76Ji7j3TQyxNPOszysswCn7i:4EM1MN7D8+NGsevQ

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	2b1417a66a4524347128d5981be406db_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2b1417a66a4524347128d5981be406db_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2b1417a66a4524347128d5981be406db_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2b1417a66a4524347128d5981be406db_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ calc.exe

Filesize
111KB

MD5
eaad827a5237b5bdb4754bcccb545765

SHA1
6971882eaa47c37f20c6bbaf0e6d4e816f5e110f

SHA256
78aac2dd841489fa99293438eade8704b37ca9cbea5e6417808b11dc76717419

SHA512
8553c688f5cf47231641fb293ac58e2772b333e52b89325ffc64b7327febc11ce018fb839f9e5b53d8667a87e78d48eb1812c0cf383f70c55a3bad0c3391e496

Download Submit