de8c8b9da365ddab4c02abcadaf9ccbf3f4b84c5ff5ea8daec4ee6165a66a68f

Analysis

max time kernel
135s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

725aaf787e45af3724762bafed23bd6d_JaffaCakes118.exe
Size

5.1MB
MD5

725aaf787e45af3724762bafed23bd6d
SHA1

0ba4558a6bc61a9ae4f29ad4cc17e6216e05f244
SHA256

de8c8b9da365ddab4c02abcadaf9ccbf3f4b84c5ff5ea8daec4ee6165a66a68f
SHA512

3ab62e87a02863d45dd83c574fa14070c688a71f6c1b74cf7268f84a68833354d7e90dc42af0b9e2cbced38d9442236d5eb47ba8b33214a1606d52089fb0c580
SSDEEP

98304:M/bNJcxgxcZIfFsMn/d+mpdlGndCQEJ/hJ6ZYWo5egHVCcOI8emUhZHBEGY:M/bLQ8B1NLkEJhbvUcOwmUh9BE/

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2508	InstGameInfoHelper.exe

Loads dropped DLL 3 IoCs

pid	Process
1336	725aaf787e45af3724762bafed23bd6d_JaffaCakes118.exe
1336	725aaf787e45af3724762bafed23bd6d_JaffaCakes118.exe
1336	725aaf787e45af3724762bafed23bd6d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	725aaf787e45af3724762bafed23bd6d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstGameInfoHelper.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 2508	1336	725aaf787e45af3724762bafed23bd6d_JaffaCakes118.exe	84
PID 1336 wrote to memory of 2508	1336	725aaf787e45af3724762bafed23bd6d_JaffaCakes118.exe	84
PID 1336 wrote to memory of 2508	1336	725aaf787e45af3724762bafed23bd6d_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\725aaf787e45af3724762bafed23bd6d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\725aaf787e45af3724762bafed23bd6d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Users\Admin\AppData\Local\Temp\nss99EF.tmp\InstGameInfoHelper.exe
  "C:\Users\Admin\AppData\Local\Temp\nss99EF.tmp\InstGameInfoHelper.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nss99EF.tmp\InstGameInfoHelper.exe

Filesize
99KB

MD5
3d3d2bf9c42dbdf97247775c00f22190

SHA1
7a046170aaeb5e1a29d8c8cd7c32225f49237aa1

SHA256
59f09ba2c79a209008e76d0478bb691a9fdb2180d84318d9fc73b10401aa853a

SHA512
6e66c4ff467e286cd5dc1d4ccd412fec32cfd01514db6c339fd275eaab5f3b549e223e9330bc61ff19048df70b81b66dfcc78ac351aa2c5ff45cf8d197140466

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss99EF.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss99EF.tmp\ftdownload.dat

Filesize
512B

MD5
82503470ddb0fae91d68482e29282679

SHA1
38cccf9c11f11d1cf77567346319239608159803

SHA256
f9d5d206050c98ff8493d21a32caf1234799eb0606d3feee67507ec1be03b0d8

SHA512
c0c3887e8cd87a84cb26dd8e684a45ab2792777f50789432a1fc2167bca5a0bac5cd2f60f84b61f9f6ccd6607ea76d7d498777e14d443c78bbbb8a05949fd5cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss99EF.tmp\gametitle.txt

Filesize
26B

MD5
4f8f59c5d87bef2b8d82dc0f4ed6e8a3

SHA1
c9210e085e007e5efcd6198c44a0c30c4e1719e3

SHA256
5434919091d3c1db0c86789afbfc64297b59b9053c862240bc10f7afb655b03b

SHA512
2fff97400675381c354fa44fff2902f89db3722faaf4dd1858a08540f7d9adeca6fe27a09cfb0a8b53989891bf34f7a3e20910f4340a4c101d7774eaa965e87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss99EF.tmp\nsExec.dll

Filesize
6KB

MD5
e54eb27fb5048964e8d1ec7a1f72334b

SHA1
2b76d7aedafd724de96532b00fbc6c7c370e4609

SHA256
ff00f5f7b8d6ca6a79aebd08f9625a5579affcd09f3a25fdf728a7942527a824

SHA512
c9ddd19484a6218f926295a88f8776aff6c0a98565714290485f9b3b53e7b673724946defed0207064d6ab0b1baa7cb3477952f61dbe22947238d3f5802fa4f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss99EF.tmp\tn_feat.bmp

Filesize
4KB

MD5
032de7dc94187858eeffd18e9bb24469

SHA1
94e5838af273feb65fe262df010e5da4886ca8e6

SHA256
0cc16a7d68a25b25cfcbfb8b2da27c834c22fb6bc6617e6e03012065d3608116

SHA512
ccd0c6955036f19783f896d7849e6f0d5f127a991f139e29ea59b238536b4c4fa81cfd9735e4f9d670035d4180b089411897a6bacccf1a53c479f48c643d2385

Download Submit