c8a469f3405b3ba62d4251f863e04f810d475aca7e56d2c4db7aff2e1d87b805

Analysis

max time kernel
1s
max time network
3s
platform
windows10-2004_x64
resource
win10v2004-20240729-en
resource tags

arch:x64arch:x86image:win10v2004-20240729-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2024 10:37

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

77e2d99bcf831936ebe8a259a96b6001_JaffaCakes118.exe
Size

676KB
MD5

77e2d99bcf831936ebe8a259a96b6001
SHA1

7414cdc96166ecf4144e87d8988c99391f47dd98
SHA256

c8a469f3405b3ba62d4251f863e04f810d475aca7e56d2c4db7aff2e1d87b805
SHA512

a7fb38324fd5d4e583626f6d4e07ead39ec33a12d30d3bfea1aef1fce7ae77925b78f7078d8476df3b11ce74c619e5c40a0034e92f8253c21450d6f1d4cf51c2
SSDEEP

12288:tWS66ADniqwce2BRa5XNyPB0sUVHXe5RG2J6Vln9q6dH4:tWfPwce2cgPB0JVHXe5RsVln0B

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2436	77e2d99bcf831936ebe8a259a96b6001_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	77e2d99bcf831936ebe8a259a96b6001_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\77e2d99bcf831936ebe8a259a96b6001_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\77e2d99bcf831936ebe8a259a96b6001_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nskAD67.tmp\InstallOptions.dll

Filesize
14KB

MD5
eef9e469e8a30717974499f277d97e2a

SHA1
2d33c25984ebd9116beeb55cdde4c5c86c023e5d

SHA256
1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

SHA512
d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskAD67.tmp\ioSpecial.ini

Filesize
657B

MD5
325e6f63e116b5c9582de41054d95bce

SHA1
eca531029771091c1ce97307f6796ff2c8d61da7

SHA256
7dc8bc60bfc02a927eb5189712becdc709ac5aee2c088550c2f1f092e375136f

SHA512
e5198f2779ad21d9142e36dd60be18aa0ea8932096d679eb203036d4d14d167eeced684dac8726f7c3d8ae1cb653aa2bb10f76e371e7dd1865b26f66ea48bc00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskAD67.tmp\ioSpecial.ini

Filesize
386B

MD5
39cf706b2e76cea13b6cde8920aa5f43

SHA1
3eef0f4a98f84f5e7aa72c46a408cff35e10373b

SHA256
11eab396de14c4756e294f54c26cdc2f7f57aaf51578a175f81448255794662c

SHA512
3b9b5bd72a1984262b3f05e8a02eeaafb5a8eed4f50a564145590ce06f5516c3da217ea478dfe4d89c87dc24b79937699b693b6d732c14b3863fd2bde84a9bc5

Download Submit