12d25dd94e4c06ec3cda5f0eddb8885b7d466ec80ec37aa61613b32f3f3b09f5

Analysis

max time kernel
146s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe
Size

489KB
MD5

875f21ca1804a7e38cb571d6fbe6bef9
SHA1

bfa67f3e78bd59eff5a8303fbe6b3c2ac3afb350
SHA256

12d25dd94e4c06ec3cda5f0eddb8885b7d466ec80ec37aa61613b32f3f3b09f5
SHA512

68d40c73cb8796f1306a7fdeb6ac8e90601d6bdc2c86ce455867906bdf6161f420f46504b87b1a151005671d6f9b2dab3c4c0dbf58d9a8093943ad1084b8a46f
SSDEEP

12288:PXkbXjaxdrcFX9J5HBTn7A1415PF7CA2gJph7:PkbTI6Tn7A14fPhL2K37

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3660	875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3660	875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe
3660	875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe
3660	875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe
3660	875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe
3660	875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe
3660	875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe
3660	875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe
3660	875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\875f21ca1804a7e38cb571d6fbe6bef9_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MBX@E4C@21717F8.###

Filesize
2KB

MD5
b51ecfefbf8a04187b8ce055403f4058

SHA1
54e66dfccddc855c0f11d52a7c1cfa3c96afbe40

SHA256
424723d9c20c4936849362b330cff8d3e3619f5511d746907c2f6e9063f15484

SHA512
0e68cd375f37fea36bc531faa0617592a50d4fc5e9dadebde1270b02ba94813f542c9d6914ac65db5c1bfdcba63f5121e2be2343c1e8fcd2195d342a07a75e17

Download Submit
memory/3660-11-0x0000000010000000-0x000000001017F000-memory.dmp

Filesize
1.5MB

Download
memory/3660-3-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3660-2-0x0000000000423000-0x0000000000424000-memory.dmp

Filesize
4KB

Download
memory/3660-1-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3660-8-0x0000000010000000-0x000000001017F000-memory.dmp

Filesize
1.5MB

Download
memory/3660-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3660-10-0x0000000010000000-0x000000001017F000-memory.dmp

Filesize
1.5MB

Download
memory/3660-13-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3660-9-0x0000000010000000-0x000000001017F000-memory.dmp

Filesize
1.5MB

Download
memory/3660-14-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3660-12-0x0000000010000000-0x000000001017F000-memory.dmp

Filesize
1.5MB

Download
memory/3660-16-0x0000000010000000-0x000000001017F000-memory.dmp

Filesize
1.5MB

Download