495586be095e5970063aa69e4d7f141f7da5eef676a18168bff72e4ce4b4c98d

Analysis

max time kernel
136s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2024 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe
Size

2.6MB
MD5

6fd3b21fb0e6c0d290dc2f2ccf23d7ac
SHA1

263c2645c79b2d864c653e31a1194da1c466a7ed
SHA256

495586be095e5970063aa69e4d7f141f7da5eef676a18168bff72e4ce4b4c98d
SHA512

bdb38136420b66228516986404593e283fc9730f6eb26744f0549923a2284fa54d00e3f905984d0043885f8f74778b1c56c2acfa3a7a22965d437a42f76f2138
SSDEEP

49152:tYFMSTro/KSdCyU1eV5hWLkVvluBOBLA0xn0HQQpeY9UFKP:tYFPryTkyUMVyLkVvw8LAsnMQQpFmFKP

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2492	6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe
2492	6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2492	6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2492	6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2492	6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6fd3b21fb0e6c0d290dc2f2ccf23d7ac_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\.#\MBX@9BC@26622B8.###

Filesize
2KB

MD5
cc7c7df636a134a4ec2c693d96e03021

SHA1
4eaf0eb50330d2b30f273f665306314ac295a182

SHA256
a3cef89cda4ab554915e292dbad8169ac30d9f5239e8d9fdd08d57e7c73db30e

SHA512
fbfc5b8dfe4160f1a3ef0da72ed6758cd010654de48f984c0c5ea07e8d9e406f1203bbf3492a3a81817277905106e1dedf622a9bad4687a6e4f380e705de986b

Download Submit
C:\Users\Admin\AppData\Local\.#\MBX@9BC@2662318.###

Filesize
2KB

MD5
fd0467cf47a5802cb2d101fa2069b8a9

SHA1
273631ef0b420a2531350667a1a581ec1acfbfc2

SHA256
c4da8976f42e5bf5929cbbbfd13e4cf8eee16b6e2e87e0675cbd1f3b7318af6e

SHA512
aee90f16f0b2dfe5c45962b6a2bc151fb99c001b0aff2f76e77120c41121f039d825faa8419aeeb349727bbec2ac9601a3bf10159060a85746a86e7a4565c9fa

Download Submit
memory/2492-19-0x000000006B780000-0x000000006B7A4000-memory.dmp

Filesize
144KB

Download
memory/2492-7-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2492-5-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2492-6-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2492-4-0x0000000000825000-0x0000000000845000-memory.dmp

Filesize
128KB

Download
memory/2492-13-0x000000006CE10000-0x000000006CE49000-memory.dmp

Filesize
228KB

Download
memory/2492-0-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2492-2-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2492-18-0x000000006B780000-0x000000006B7A4000-memory.dmp

Filesize
144KB

Download
memory/2492-21-0x000000006B780000-0x000000006B7A4000-memory.dmp

Filesize
144KB

Download
memory/2492-20-0x000000006CE10000-0x000000006CE49000-memory.dmp

Filesize
228KB

Download
memory/2492-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/2492-12-0x000000006CE10000-0x000000006CE49000-memory.dmp

Filesize
228KB

Download
memory/2492-22-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2492-25-0x0000000000825000-0x0000000000845000-memory.dmp

Filesize
128KB

Download