5bcb3ad77dba9f9a27271fa4c435577dde8da512705c72aabe356cc717b3e781

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 18:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

70a7dc761fc013c1cf5f4bddc175aef4_JaffaCakes118.exe
Size

1.3MB
MD5

70a7dc761fc013c1cf5f4bddc175aef4
SHA1

cd06f0a0f614b81555b449572e8a24358593d622
SHA256

5bcb3ad77dba9f9a27271fa4c435577dde8da512705c72aabe356cc717b3e781
SHA512

d014abe0ae76464f2838ee233ac0f6f711c23846a6ccd441963796fd482441a6edbe5fe4b7eee882c5d9ee205c265cb14310bfdfb86e5f3492595e7577ff2281
SSDEEP

24576:U1WNQ5y5Zfdvo5kTqPC7oWwAFpsnKVOXDIBXprU+iqJiNt/22KEPrsz414Akjeej:U1PUZfdAPCyKVOTi5rSt/2p214Aqeo

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4560	70a7dc761fc013c1cf5f4bddc175aef4_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	70a7dc761fc013c1cf5f4bddc175aef4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\70a7dc761fc013c1cf5f4bddc175aef4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\70a7dc761fc013c1cf5f4bddc175aef4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsvA00A.tmp\InstallOptions.dll

Filesize
12KB

MD5
444e1109d960c307df0ca2b33a24731b

SHA1
55e3b57d06128911ed4af44858d199d9b1945edc

SHA256
b3ba181120cd5b57e2cd5435bbd64c3257f7525ade359f89554e93f466692125

SHA512
9efdb45ee0eae73c24d3f01ff799160090f2b1f0f28ee8da3af52992fec220bf905070ce5a6cc1b5657642440ad29c22bc6889cd3ee1f674a908a935dcf4c2a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvA00A.tmp\ioSpecial.ini

Filesize
698B

MD5
986ed879ae40cfae6e88c5896e545b13

SHA1
958ad3360c03754fc8d5f3894e9f314c2ea7b844

SHA256
0254ee7fdf680d8954ac74609afe7b858e666f98c261586b81d520d6266e1114

SHA512
4f2853e9b1ebe879f7cf815f2c803e4c2a72ed971fd9df2f801778246bb2e5a016c033d26ebf2c0d040180b531c48f401b4d7ed4e8cc6289f2e0f937720c426d

Download Submit