eb89d7ac792d27e118231701cf1ff27dcb310cdde128b33c7bf688a7ab6f2754

Analysis

max time kernel
144s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26-07-2024 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

753c845aa5c4c44ca6ba860b3ec69263_JaffaCakes118.exe
Size

131KB
MD5

753c845aa5c4c44ca6ba860b3ec69263
SHA1

d1b40341b387cbb4b808a8fdd2ea2272f0ad6215
SHA256

eb89d7ac792d27e118231701cf1ff27dcb310cdde128b33c7bf688a7ab6f2754
SHA512

6fd67f2298df87e0df15218c78cc16bf65a250abed217928a946accfa28504b3f23d6a0c48af867f8724ace78b6754de7e6a88fb8e91d76d7a6af1fe479bec59
SSDEEP

3072:DyYZO1UyjInGNZahr7/hA2+10pz8v7e+SgEipfvx:7lyjfEhrNA2+KINxx

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2928	753c845aa5c4c44ca6ba860b3ec69263_JaffaCakes118.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2928-0-0x0000000000400000-0x0000000000428000-memory.dmp	upx
behavioral2/files/0x000900000002344a-2.dat	upx
behavioral2/memory/2928-3-0x0000000010000000-0x0000000010049000-memory.dmp	upx
behavioral2/memory/2928-8-0x0000000010000000-0x0000000010049000-memory.dmp	upx
behavioral2/memory/2928-7-0x0000000000400000-0x0000000000428000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\byvvut.dll	753c845aa5c4c44ca6ba860b3ec69263_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	753c845aa5c4c44ca6ba860b3ec69263_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2928	753c845aa5c4c44ca6ba860b3ec69263_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\753c845aa5c4c44ca6ba860b3ec69263_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\753c845aa5c4c44ca6ba860b3ec69263_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\byvvut.dll

Filesize
123KB

MD5
a07947042a3c848b202bfacf0b568b30

SHA1
a220370b4d2fa82dec793da513bd873c86edb4e6

SHA256
9374e0ebff36453450465c86bd985e91855c7c53a59aaf9e121150d4d814dce1

SHA512
badfad6a0b3d392e42ac20cfe3c15304e2318e2e0922e60e833be627a4a26dc13bcfa28387d2bfd227d62938b9f404ba1dd0572231fdc3529db5061a7d15b098

Download Submit
memory/2928-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2928-3-0x0000000010000000-0x0000000010049000-memory.dmp

Filesize
292KB

Download
memory/2928-8-0x0000000010000000-0x0000000010049000-memory.dmp

Filesize
292KB

Download
memory/2928-7-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download