6650739d4d96700dca32d3e2369f652ed8a7ba6fb2ae6f27857bc58ce11040b1

Analysis

max time kernel
140s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 15:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

96ae63fa6093b1b5a70fa517b773e7d1_JaffaCakes118.exe
Size

2.5MB
MD5

96ae63fa6093b1b5a70fa517b773e7d1
SHA1

7aaaa88509f387ffe9722b7e7e01733a395e5adc
SHA256

6650739d4d96700dca32d3e2369f652ed8a7ba6fb2ae6f27857bc58ce11040b1
SHA512

5937cac6711f6cd596efe2fbac2f87ffacf29735179aa6b7bce00059a97bc8f432e6ac240d7dfda6bedbaed7fb6b6f846de64df3d8a79ec7bcb896f278339b73
SSDEEP

24576:b1R/kgC1fwhnbtwsCud6Z05Ado6f0wmYO6aZsjPTPODaBoUegr:T/29KJCudor

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GameZone2009 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\96ae63fa6093b1b5a70fa517b773e7d1_JaffaCakes118.exe -s"	96ae63fa6093b1b5a70fa517b773e7d1_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	96ae63fa6093b1b5a70fa517b773e7d1_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3208	96ae63fa6093b1b5a70fa517b773e7d1_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3208	96ae63fa6093b1b5a70fa517b773e7d1_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3208	96ae63fa6093b1b5a70fa517b773e7d1_JaffaCakes118.exe
3208	96ae63fa6093b1b5a70fa517b773e7d1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\96ae63fa6093b1b5a70fa517b773e7d1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\96ae63fa6093b1b5a70fa517b773e7d1_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads