Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/01/2025, 20:51

General

  • Target

    JaffaCakes118_4392965471b92a09e1ba10a9abc32971.exe

  • Size

    188KB

  • MD5

    4392965471b92a09e1ba10a9abc32971

  • SHA1

    22ca625498f7f76e3eb0fadf74a3b1a9646870f5

  • SHA256

    50ea1e942bb6a861e5ce8e1c3197d69fa35054e5ffbc104ef20ac104854193d4

  • SHA512

    1fff6c6a1cca37436d78c1e6cd212bf49a75e7d720893e9e1a9894d8ab20593a3b4e2b258c27c9eaf1f6b37c07003f601370e3f61848c686a237c4e23d3b186a

  • SSDEEP

    1536:l/KVvhq8aP//mEGE7NqeT0GQpTLSsE9mQZjFE4ahXohF5kYlmM4Q7/hsULFfAuv:xHx/mRE0e0Ga/E9DFt2ohFrlN/2+oI

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4392965471b92a09e1ba10a9abc32971.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4392965471b92a09e1ba10a9abc32971.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Hnb..bat" > nul 2> nul
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3524

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Hnb..bat

          Filesize

          238B

          MD5

          9be30ead1f00e32e54f1168e793f3537

          SHA1

          8bfda875a92c791c441717326b284afba57bce2c

          SHA256

          de2d1731f3010e2c76a33181e1e4bca4572a66b9a536bf8c050a0d85978cdabb

          SHA512

          4970fd613a799776d073a48bdeb5868b04f397cb80c383705cdc8bf146ad8a94aeec2acb4b8d84c2bd3c3c97a7fe073296052aa5eba85f22d8896cd1aeb92c84

        • memory/4812-0-0x0000000000740000-0x000000000075B000-memory.dmp

          Filesize

          108KB

        • memory/4812-1-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

        • memory/4812-3-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

        • memory/4812-2-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

        • memory/4812-5-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

        • memory/4812-6-0x0000000000590000-0x0000000000596000-memory.dmp

          Filesize

          24KB