31b8ab5c5a20b40b5390b39f8b43b5a976827517d4faa0515db582e27aa06b3c

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/08/2024, 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e5e249a9fb046b7739748aca737526d_JaffaCakes118.exe
Size

245KB
MD5

8e5e249a9fb046b7739748aca737526d
SHA1

353db82d0d2e7455203137e928492b6f1d987969
SHA256

31b8ab5c5a20b40b5390b39f8b43b5a976827517d4faa0515db582e27aa06b3c
SHA512

3eea80c41649cffbeec39edd77cfd43eb5f3dc9c2035a36558dd74a7906edd082ef5aa9c1e0b3161f968e4147c415ea930b89e1b8816ffc2784cacefa5922441
SSDEEP

6144:bx49ujCpOkLS2ZEpjzUuTVackMXWmayDnvjIewD8avR:bx4Npx+BpMKaiMqnvjZtavR

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2556	8e5e249a9fb046b7739748aca737526d_JaffaCakes118.exe
2556	8e5e249a9fb046b7739748aca737526d_JaffaCakes118.exe
2556	8e5e249a9fb046b7739748aca737526d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8e5e249a9fb046b7739748aca737526d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\8e5e249a9fb046b7739748aca737526d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8e5e249a9fb046b7739748aca737526d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\InstallMate\265EE64C\cfg\1.zip

Filesize
140B

MD5
ea8eef7d26ecc45b6a56c5ecdb494d42

SHA1
fd621efeb3a6649e0a7ed0a178fa51be3d5d7e1e

SHA256
1af29706d2a6b604a0e552114f17bb1789014da70e98d6cf05af542bafaca04f

SHA512
12aea78e33d411033ab3fb235f17013161d32c52c3a9b29e76c03dfe1c7ff97b39daadb9a02904923fb1fac0000a910dca2c692d949a8fa83620d09c0df62252

Download Submit
C:\Users\Admin\AppData\Local\Temp\265EE64C\_Setup.dll

Filesize
117KB

MD5
6c44ee7bcedb03e4b527659b1b38839a

SHA1
640b80d44a7c2d8890198ada13895f5163f26823

SHA256
c038eb7dcd51c7cdbdac2ad9e0312277cb8ec0f8cb1aba5e1a087114ee4d5a33

SHA512
d4c279b00f08f0f43212fe965c7af3ac83963bb6f34d8f79958452945b85ea15ac38067405bb69d9c7ef2f5a2eff993d2a8570abaa2e3940efe4d5e3ff583486

Download Submit
C:\Users\Admin\AppData\Local\Temp\265EE64C\_Setupx.dll

Filesize
21KB

MD5
7bf11dc0b1d03f21919c003dba276bfc

SHA1
e150fe0b706d43cf37448207f9f6fea214f4feab

SHA256
2c1ebb0859d069b83699421a3f3388f1532616d150c5eef79e7f8c370fdfc30f

SHA512
e87e074ba2d0a743ca3c2b24f643943937e79ce59c7c8759b5670d2efa7e96cda0f911eb8d65863828447cb0ce143b2ec04f56757d64f481647b3b224f0629c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tsu-09FC.dll

Filesize
248KB

MD5
dc05c7e44132c0ae947af3e226c2cafe

SHA1
0d40ee4204e2778f8a34fa76f9c207e569605793

SHA256
d0f81bb9240a07c642d932034ad62930d18bee3ae6f928acde3c9ad59ba9642f

SHA512
3f37b7e2d616186bb4183d8421577d97cb4bbe48f47870419c16f68c2b86d30917d6ad6b9fef3947736585b8cb96b522858a82eb3fb1ef0f3d7d64cbb4b12e39

Download Submit