c5df3e0348bbfdeb2a04f22af35376daf539c89448f4b29c9f4c8e5eb2579409

Analysis

max time kernel
139s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89cc4ff52f29eeeded938cbea4a029be_JaffaCakes118.exe
Size

282KB
MD5

89cc4ff52f29eeeded938cbea4a029be
SHA1

29a27a9f5c2480e2b6db69320f47b888863954d0
SHA256

c5df3e0348bbfdeb2a04f22af35376daf539c89448f4b29c9f4c8e5eb2579409
SHA512

5d911013ed9374f9cace28f10db386e0370e796f923ad396b5e2478635edcc2ed73e9965d00ab363e689550d1062e44954c0bf9629914fea7ae9dc1e2c22c61c
SSDEEP

6144:XEuUfAxA6cpt+fMHE7EIJGJEW3f/PbsX5pAJHymLM4ykXlHTQtMs/nwa:XEuDml2EII4kJSmLMAlsxf

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4996	89cc4ff52f29eeeded938cbea4a029be_JaffaCakes118.exe
4996	89cc4ff52f29eeeded938cbea4a029be_JaffaCakes118.exe
4996	89cc4ff52f29eeeded938cbea4a029be_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	89cc4ff52f29eeeded938cbea4a029be_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\89cc4ff52f29eeeded938cbea4a029be_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\89cc4ff52f29eeeded938cbea4a029be_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Tsu-1384.dll

Filesize
249KB

MD5
adb647de203421001356defee6fa3dab

SHA1
393278ddf756d236be35779666066c544acc7458

SHA256
c96807e91b41cbf4db5d3a97cc68662df344912f310b738b045501ac2c9eb5fd

SHA512
62024663db7af728ada8f73772c30d9ac9ec3486f0b1cd04c918d3ef3aa09d696c3dc063611b7fb6b661b0acc875f1cbd0ec73f9caab4cbdae83f652f294e821

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7EC2312C-3C29-DCB4-3E5F-740BA52113DA}\_Setup.dll

Filesize
169KB

MD5
e2eda8bfabb9a7d1535fa6bc766248ee

SHA1
2d4e970c2444d2abcc87c9b21dd83d56178c7ae3

SHA256
29d13f363a7659589e1b04c88eabda1eb335485e862c738f4897c4fc5708b9dd

SHA512
fe9b8199e124f73608f47d570016179875c43cdba080ed91732ed9e12e2608de88e219b63ad7b1b0a927c4d31623a69b2bcdbcae0e17a7ea93c9ebc57f54ccfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7EC2312C-3C29-DCB4-3E5F-740BA52113DA}\_Setupx.dll

Filesize
21KB

MD5
ed7bd248c7ee55d180a9aeaff9d566bd

SHA1
1405323b7e0d7bf9118f0ad0b43c8e4f50194bcd

SHA256
b7a879210ed266a690cc5360a928853c5d82d711cafe938632d8bbaea0e84bc5

SHA512
40d3b5b981f21f59a6aa623a06448ce135b38f6aa0dae58a9d66e7219a2c04becdc1f08d06b2a8cf71acd5b94e1ba344b3de9eaf9a9395ec6cd49f68302cec01

Download Submit