bb12ec5e7e8a9e7bc1e1b1cc16c9416f8c4c11925680ce9c1ee71a4dc6a09df2

Analysis

max time kernel
146s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

969d545c3c198806dc3933eb5ee87660_JaffaCakes118.exe
Size

250KB
MD5

969d545c3c198806dc3933eb5ee87660
SHA1

1f1b8fc877c99617cbbf89f734a899616025f26b
SHA256

bb12ec5e7e8a9e7bc1e1b1cc16c9416f8c4c11925680ce9c1ee71a4dc6a09df2
SHA512

984cff86a1e1e0bf85b45afe621bcd600673e34abb22971d5b362dd2053d7042762f0ecf3f2ce0291831cd3a2372a0872acaed9c539c0af38b1c38217c1c3e46
SSDEEP

6144:5xS9bljwkVieLKyF0fY6Fncxr/Ya0Ux6wfegXyq:5xcbBwkVikIfYiDa05wmyyq

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4160	969d545c3c198806dc3933eb5ee87660_JaffaCakes118.exe
4160	969d545c3c198806dc3933eb5ee87660_JaffaCakes118.exe
4160	969d545c3c198806dc3933eb5ee87660_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	969d545c3c198806dc3933eb5ee87660_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\969d545c3c198806dc3933eb5ee87660_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\969d545c3c198806dc3933eb5ee87660_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\InstallMate\83D5BC5E\cfg\1.zip

Filesize
140B

MD5
ea8eef7d26ecc45b6a56c5ecdb494d42

SHA1
fd621efeb3a6649e0a7ed0a178fa51be3d5d7e1e

SHA256
1af29706d2a6b604a0e552114f17bb1789014da70e98d6cf05af542bafaca04f

SHA512
12aea78e33d411033ab3fb235f17013161d32c52c3a9b29e76c03dfe1c7ff97b39daadb9a02904923fb1fac0000a910dca2c692d949a8fa83620d09c0df62252

Download Submit
C:\Users\Admin\AppData\Local\Temp\83D5BC5E\_Setup.dll

Filesize
121KB

MD5
9de99d8b2ba851bf56199abad51c1f21

SHA1
29ce9e0b3c22382e80472e44da351dc324fd6b46

SHA256
74867ac0d95d241b2dee21466708b1c3e6a4a2aec09a3c61ec4e31c9d6272728

SHA512
2ab25fc021779eaf9b70abb7a6a5079f4d175ea2bc60f4df6f0ee71f7463585aa6fdcd59764c094e9f7d663eb48abe30290cfaf4e811f4416604a0bbc8d4a0aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\83D5BC5E\_Setupx.dll

Filesize
21KB

MD5
61307ed9d8158e44a6ede5960e07ee8b

SHA1
934a87d4a7a0340e76f116bfa6825beab4c7aa7c

SHA256
e09200ecfda49fd9993de122741364bab648ce1064c00a096d06d26795e1ce0d

SHA512
7abddaf8716ff5def75d62f85e620829844be3fbae6cedd1273dd3e17d65fa147f12ab561a1f2cae5d009d1a1d79e20fa0f89d84f668252c60f6eb4efec267e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tsu-1040.dll

Filesize
248KB

MD5
dc05c7e44132c0ae947af3e226c2cafe

SHA1
0d40ee4204e2778f8a34fa76f9c207e569605793

SHA256
d0f81bb9240a07c642d932034ad62930d18bee3ae6f928acde3c9ad59ba9642f

SHA512
3f37b7e2d616186bb4183d8421577d97cb4bbe48f47870419c16f68c2b86d30917d6ad6b9fef3947736585b8cb96b522858a82eb3fb1ef0f3d7d64cbb4b12e39

Download Submit