e1bf4465fac560f5bbfcb7e3b8f967b53354cf5e28ba6f94873f737d41737584

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2024 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52282692c637a58acc98bbb2baddf6fd_JaffaCakes118.exe
Size

861KB
MD5

52282692c637a58acc98bbb2baddf6fd
SHA1

803b6c7c5f0e2b4edd3cece9ac961954d7c8a578
SHA256

e1bf4465fac560f5bbfcb7e3b8f967b53354cf5e28ba6f94873f737d41737584
SHA512

7cf03c7a30271af405eb3c887228412ef0a6ed21672abb88979d90b72e410ab4191aec22912b1ffeb1fff36c5f5fc7f50c045ff9aa9662c665056790d89dea0b
SSDEEP

12288:64su2IyR8hkw8lKTGPM3LeFv6ibe3EtbzyeeVlcb4nTTomE4UqbP4FeS1:64sb18+OGPMaeguVM4TEmEXdFeS1

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	52282692c637a58acc98bbb2baddf6fd_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\52282692c637a58acc98bbb2baddf6fd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\52282692c637a58acc98bbb2baddf6fd_JaffaCakes118.exe"
1⤵
- Checks computer location settings
PID:4192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Crypted.exe

Filesize
262KB

MD5
31cc931d384c58373aa3cfe45ddf41ca

SHA1
186c14f3e85c70d7100a15460f393f15e9d9fe9a

SHA256
3615bddc1782b354c5f1eea3dca6ed85401b1db6c28cbf450c340ac76f99f48c

SHA512
0fcf4d72707515e5368e1717807c0fcd7f852b7174075a1bde5ec23264f5d4fdc9365c56ba3855fbc03a71d2b100c1f6cfeb8cccaadbc5934dd48f7f230c587c

Download Submit
memory/4192-0-0x00007FFDD3215000-0x00007FFDD3216000-memory.dmp

Filesize
4KB

Download
memory/4192-1-0x000000001B9A0000-0x000000001BA46000-memory.dmp

Filesize
664KB

Download
memory/4192-2-0x00007FFDD2F60000-0x00007FFDD3901000-memory.dmp

Filesize
9.6MB

Download
memory/4192-3-0x000000001BF80000-0x000000001C44E000-memory.dmp

Filesize
4.8MB

Download
memory/4192-4-0x00007FFDD2F60000-0x00007FFDD3901000-memory.dmp

Filesize
9.6MB

Download
memory/4192-5-0x000000001C4F0000-0x000000001C58C000-memory.dmp

Filesize
624KB

Download
memory/4192-6-0x0000000001150000-0x0000000001158000-memory.dmp

Filesize
32KB

Download
memory/4192-7-0x000000001C720000-0x000000001C76C000-memory.dmp

Filesize
304KB

Download
memory/4192-8-0x00007FFDD2F60000-0x00007FFDD3901000-memory.dmp

Filesize
9.6MB

Download
memory/4192-19-0x00007FFDD2F60000-0x00007FFDD3901000-memory.dmp

Filesize
9.6MB

Download