c1a9bc1e8b7db730f6d449cbb01ec47506abab1420a61c6141aeb66cebd680b6

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

853f50af69965f8a6daea25242c04f3c_JaffaCakes118.exe
Size

259KB
MD5

853f50af69965f8a6daea25242c04f3c
SHA1

f8616ba38b2cff324756d5f9a3ab2f9207a1d054
SHA256

c1a9bc1e8b7db730f6d449cbb01ec47506abab1420a61c6141aeb66cebd680b6
SHA512

ac4c9131007f01e9cffc0af1207cef9b7c8e556f3e3e0ab49e800f5b565d525c8e530da7ebf40c6bd02049d5b0f0085b784dee89d53a666a9936b72abd97a4cf
SSDEEP

6144:ylDMQnkXdukexqpL72mEv5HWba84zFZsIOy+gYTmp:yletQUpL6TRsqR5YTmp

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4080	853f50af69965f8a6daea25242c04f3c_JaffaCakes118.exe
4080	853f50af69965f8a6daea25242c04f3c_JaffaCakes118.exe
4080	853f50af69965f8a6daea25242c04f3c_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	853f50af69965f8a6daea25242c04f3c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\853f50af69965f8a6daea25242c04f3c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\853f50af69965f8a6daea25242c04f3c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Tsu-0FF0.dll

Filesize
249KB

MD5
b2ff615df5dc0ee7df0a8fc91af546e1

SHA1
972f266ff94365a3be690a82813654e61f205ece

SHA256
0972efe30eaa01a90145429a5c76e93a97b2152eef66ea344ef4031a7cf54d14

SHA512
fc656b64816013bec7ab6db802374fe9bdee1f9997febc04ff5f27ade7d2560c1c3dc03e9ee0898082dc83c4cbf3fb19e5f7835137cfc62443a037112fb1f31f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5FE24108-3D7E-8848-6AA3-755C840163FE}\_Setup.dll

Filesize
133KB

MD5
3e7f876e3b57f239defc663abaf4a1e8

SHA1
9fae6c90f012561ea778822236eb42483f21ce42

SHA256
a40eae293605a8f25e7c223732f629fbcbad979ff6a2a9dd1c2a5c713e2f480e

SHA512
e95c985a8c6d3eb54560858d8e6b44846c6221304e463492c094cd8ce6148a73522c90e59318ea0ba7d7ce352e27c3007be55365e018d4d4f65017adcf6eae9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5FE24108-3D7E-8848-6AA3-755C840163FE}\_Setupx.dll

Filesize
25KB

MD5
e0bc033ebd368936b8fb4be01d94d897

SHA1
d8c8a3b119e45b940ecb9923da4647a044c4d0ec

SHA256
6dca6d725304945bdf32423e4247f24a681764fe0be8295ab3abf3123e11a011

SHA512
5f9901208561e9c54f744f6d018b04d76e2093cd584fe4bd7e13f4d5e8d25c70c83f157898eec638d810f50a2d9fc75280b45e7b55908de6dc312e0b29e8b646

Download Submit