c12e346300e78538e12682a0212e4f7c52a90c0a6b067662c8e337279bfb78ef

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45f3bceac36ea82ad8bff8e4f1cd66d2_JaffaCakes118.exe
Size

1.0MB
MD5

45f3bceac36ea82ad8bff8e4f1cd66d2
SHA1

7794bce803af5853e68fcd9e89abd24fa25069e7
SHA256

c12e346300e78538e12682a0212e4f7c52a90c0a6b067662c8e337279bfb78ef
SHA512

fbc8db5d52ce207b4b7f314de7ae2a5206424b60056bbbd2139beee18579a3984e8034dccab1008879cc0e8a41e8e27e6c385c95f56e5d0b76dade0cc7ae6886
SSDEEP

24576:eHdiKvJPEVk/puDug9Eyguq1CSnCQ2ayOA8wMD:eAqGVk/pZgOyg/FO8

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2240	45f3bceac36ea82ad8bff8e4f1cd66d2_JaffaCakes118.exe
2240	45f3bceac36ea82ad8bff8e4f1cd66d2_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\45f3bceac36ea82ad8bff8e4f1cd66d2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\45f3bceac36ea82ad8bff8e4f1cd66d2_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsq7BAA.tmp\AdvSplash.dll

Filesize
6KB

MD5
e5ef6581a32097f360382950267737ff

SHA1
f6ee447a6f62d8b8b274ff1fe848e43eb70d4135

SHA256
2a3f0c5536cbea4788218bbd33dce7cf5226145c72af7f2e8f658f609d0dcf06

SHA512
9b66417b8c5e8e2d1e7e34fd6a3584692531e150e7ebdaaff78e611127fb3f22603c00f81093af6db6eb6245766821905585f44b0cdbba75b6a84bf19ed3c889

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7BAA.tmp\LangDLL.dll

Filesize
5KB

MD5
1775e8fe7832f0351d4024ba3478c58d

SHA1
3a2aafd8275f384332f6d08224d927040ce37cb4

SHA256
a2a159540c738c7bc4d6ce8dd203bf859078409c0021a2a60f4b0faa5352d375

SHA512
362cda0e1f50a8fecde1611863b1c6218962e3ec198ce3641ce50910d400ac647cdc3742888140fd6817ce6b30d83865aa0c72292bb80b1ae86cab419e0fb2b7

Download Submit