fd52c633e78b6feef3577cbf03d2672d0ec8adae0bd70b4d12756546631168c4

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
Size

834KB
MD5

75cc1d3668ad9a9375b65fdfa95a85ef
SHA1

8b84abbb3184f9014f84e244e6896d5164b0cfa6
SHA256

fd52c633e78b6feef3577cbf03d2672d0ec8adae0bd70b4d12756546631168c4
SHA512

861476e41f3fb2d04a5b2c4d32554b863512c23df1e4e17d0550c74c9cbb5f7bb03fd55620f61d2c75d8e17338ffdedfe71b887f633fa0a33ff86d31065481b7
SSDEEP

24576:C36Y5CBscsbY16qvCaDcxbB5AdMuECccAPSkAt3+HUWbHSg:CLCB5V1DcxYAdcAPSD6UWz5

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2360	75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\75cc1d3668ad9a9375b65fdfa95a85ef_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AsukaTools.ini

Filesize
1KB

MD5
5daf4af34b16450e4dca3f163ee9a4a1

SHA1
6c39ff3600a636e42a85d1f93575e88c446786ee

SHA256
03988212fc95d47b61c77325f5c0fb4b869128f52def320f20fd731d7baf25c8

SHA512
d68d957dacd7a9bb358ed15551fc9f715e3ff3560fda84b176276ade2702fcd20243f0e49e1517f372124fa33ee4ce00786d4d563368ba8d5b54f43da447a490

Download Submit
C:\Users\Admin\AppData\Local\Temp\AsukaTools.ini

Filesize
488B

MD5
c4a54d0a57c1d0c7dbe32556ed203604

SHA1
d634fca7b2b0107d001ee25e6b8d1fbecef6dce0

SHA256
373e9a705e7e378082467984e227c7d26858b5b65a33a0efbcf4f1436ebd63aa

SHA512
7ca1351fa05a36c36010fc3418e9763c964e95af8d819f21f1bf29400f8a88ad8174882cb3e9db0015a6f3179c0b77b0219a8591701420ead295c3d5385c2811

Download Submit
C:\Users\Admin\AppData\Local\Temp\AsukaTools.ini

Filesize
767B

MD5
d51eb46525cf7a0fcf2c34319ccdf7fd

SHA1
fb4fae0837262cd6fd309a2fbfd959de5a4631f7

SHA256
dcfec8dc3fed6e9533b3acf416d4a9ded22bf8271f7978197f6ecbc14ffd55eb

SHA512
9cd55d21b6ab74ab0b090ca051a8b7cbf0407148051a7feb618caff940e6ff173354f2356131ac7c11200b7d90b69d01e43afe31edad0b1e80b1e2c19fb855f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\AsukaTools.ini

Filesize
1KB

MD5
cb7e89ba62440e669c4a9f1dc4ea4a1a

SHA1
ef255908d42d08f67cbcb67c0a780f520ae8c707

SHA256
2f10c168b98155630499292fb8cc9069b509d82adb3d2399e704a8e713d417cd

SHA512
8009034d4661fc2d0da014dccd405ccd3b06c8601d9d4add9a5dfe53afda571509c88eaf9de94fa54549ece510b67336548ab920b4a5add956013f42f1c1d70a

Download Submit
C:\Users\Admin\AppData\Local\Temp\AsukaTools.ini

Filesize
1KB

MD5
0f3fe66e4bf2d88c2a87feb716b64fa8

SHA1
3efa40f7de354ffa73578d62ffd8d6442a787343

SHA256
183f6c663272f6e4a64224a045d53f858b524be2a487cf981a1fa34de26cdc73

SHA512
6d94be7af0d8c7b722745ef6a0bd3cb001306fbcb3020ac1b141da9c4164295061f05aaa2926ceef2fa7f48ae0758b7b5b52c9b8c46a125e33776c40e7525331

Download Submit
memory/2360-0-0x0000000000400000-0x0000000002552745-memory.dmp

Filesize
33.3MB

Download
memory/2360-90-0x0000000000400000-0x0000000002552745-memory.dmp

Filesize
33.3MB

Download