452e44d1f09de9e6a8568955291c3c878e263ed9e447f776c5c0976f4b8a0bd6

Analysis

max time kernel
141s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/08/2024, 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d8b0ff6ae57e887092fdfd53d780d39_JaffaCakes118.exe
Size

7.1MB
MD5

8d8b0ff6ae57e887092fdfd53d780d39
SHA1

c08831bcad806099b11540b6522134e028f68021
SHA256

452e44d1f09de9e6a8568955291c3c878e263ed9e447f776c5c0976f4b8a0bd6
SHA512

547b351ac9936d3a99505364259ba0aefde7531f2088e1c59319b475067ab07997e0d5788ff43865b77c520e44de88a1eb4cae3b037e4ca07d564801c075f97e
SSDEEP

98304:9e1aO8b12W7UJCc5Z88NYRBNOy4V5SJBAUZLBn5Dz:9e1c2WLc6LmIJVVnd

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
3840	8d8b0ff6ae57e887092fdfd53d780d39_JaffaCakes118.exe
3840	8d8b0ff6ae57e887092fdfd53d780d39_JaffaCakes118.exe
3840	8d8b0ff6ae57e887092fdfd53d780d39_JaffaCakes118.exe
3840	8d8b0ff6ae57e887092fdfd53d780d39_JaffaCakes118.exe
3840	8d8b0ff6ae57e887092fdfd53d780d39_JaffaCakes118.exe
3840	8d8b0ff6ae57e887092fdfd53d780d39_JaffaCakes118.exe
3840	8d8b0ff6ae57e887092fdfd53d780d39_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8d8b0ff6ae57e887092fdfd53d780d39_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\8d8b0ff6ae57e887092fdfd53d780d39_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8d8b0ff6ae57e887092fdfd53d780d39_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\PSE11\php\modules\php_bcompiler.dll

Filesize
46KB

MD5
a44bca08e8ed65e636f8b68960b8d7ea

SHA1
1803024e3e62f51d474e832b67d2d8ec167b96de

SHA256
26bb0541924fd7f96c22df5b4f7b8cabd88ea440dd19ddefb4e2754f17eb0df4

SHA512
c83a5c4b5f38767e74b67b81f83635459e9165e4bc6574c53e77e57cfb1107aa435172375e8eee44e7fce2b50ec8f108dc8d609bad332798740de7cb6cf51e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\PSE11\php\modules\php_bz2.dll

Filesize
68KB

MD5
2f8bc6c1741bc86ee012f444c56d192e

SHA1
c4840d4d39dd8fafe4248ab96082860a0db02f6f

SHA256
ec6f6310e3a08ad80ea159c336e93cc024dae223a5bd4b08ae2e0351941aec07

SHA512
6a8e415f5d14f56a29541d50f7277f66222f4f1374fdb1f1892ce51dbc29e5ef766552518a2c78b8ae0bb5820b6eb3330b2dc9595f80b78ef6131de069a8c76e

Download Submit
C:\Users\Admin\AppData\Local\Temp\PSE11\php\modules\php_curl.dll

Filesize
232KB

MD5
da6d2323b59d8386c283002e140500be

SHA1
8dc541b38be8cfbebd0aed6dbe202215272ffb11

SHA256
ce9e0cdd4e2f11a765e5b668c1c1871e27786297c0d99ea1b9326cb5fc0477fa

SHA512
39b54e7835f3099fc048c06a6ca917c69689a18c728bc4ab3f2ff476534c5c28591206ddce5b228d01ad6cddeed2a63295d95e35ff8721bcd9325bd0c0fb8f27

Download Submit
C:\Users\Admin\AppData\Local\Temp\PSE11\php\php5ts.dll

Filesize
4.6MB

MD5
5483bd2f68e4be087be99e938c4de8fc

SHA1
e5e56d93b69197f11f87d8dd3e84a9697b4ced29

SHA256
e452640009a12c3a666a425515953ebd3ca29a9064ed616671d722d31f9d2dfd

SHA512
3619d7f95d48c0840439d59a81bf3e6050f445e0158527aa24d98702f5cd6a67298947e999d23cfba80b0d279afae81eddc75d24a455bc484f7b3586482b2bb2

Download Submit
memory/3840-19-0x00000000029C0000-0x00000000029D1000-memory.dmp

Filesize
68KB

Download
memory/3840-14-0x0000000002360000-0x000000000236F000-memory.dmp

Filesize
60KB

Download
memory/3840-0-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/3840-8-0x0000000010000000-0x00000000104DC000-memory.dmp

Filesize
4.9MB

Download
memory/3840-25-0x00000000029E0000-0x0000000002A1B000-memory.dmp

Filesize
236KB

Download
memory/3840-27-0x0000000000400000-0x00000000005BD000-memory.dmp

Filesize
1.7MB

Download
memory/3840-30-0x0000000000400000-0x00000000005BD000-memory.dmp

Filesize
1.7MB

Download
memory/3840-31-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/3840-33-0x0000000000400000-0x00000000005BD000-memory.dmp

Filesize
1.7MB

Download