3fe3f78de8e180102df49530f3f4947f365f9dbf3308b513413631301ec02bc3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a784b0fc6e5864c691ac5c0fbe7fb77a_JaffaCakes118.exe
Size

93KB
MD5

a784b0fc6e5864c691ac5c0fbe7fb77a
SHA1

d79c7899d0f4cb804da9dbf36debaa438c2d44a8
SHA256

3fe3f78de8e180102df49530f3f4947f365f9dbf3308b513413631301ec02bc3
SHA512

c56326f1ccad1a8ac783b5873f94acd8f834f4946d2a3d0dc6ef2c3a53e197913a1531a68b69cc5842158edd2d806fc47e5413f30d21447363af424e43361ff1
SSDEEP

1536:kfeDH9ypBiSxngWxXs9NQnFuhIvOP1/XwSpncBzaPiYNknD90Xne:+yMiwxX4hIvOPtAYm3YEDYne

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3680	a784b0fc6e5864c691ac5c0fbe7fb77a_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3680-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral2/memory/3680-19-0x0000000000400000-0x000000000043B000-memory.dmp	upx

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\mmjbwin32sysx.exe	a784b0fc6e5864c691ac5c0fbe7fb77a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MlDll.dll	a784b0fc6e5864c691ac5c0fbe7fb77a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mmjbwin32sysx.exe	a784b0fc6e5864c691ac5c0fbe7fb77a_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a784b0fc6e5864c691ac5c0fbe7fb77a_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3680	a784b0fc6e5864c691ac5c0fbe7fb77a_JaffaCakes118.exe
3680	a784b0fc6e5864c691ac5c0fbe7fb77a_JaffaCakes118.exe
3680	a784b0fc6e5864c691ac5c0fbe7fb77a_JaffaCakes118.exe
3680	a784b0fc6e5864c691ac5c0fbe7fb77a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a784b0fc6e5864c691ac5c0fbe7fb77a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a784b0fc6e5864c691ac5c0fbe7fb77a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\exe7B2C.tmp

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
C:\Windows\SysWOW64\MlDll.dll

Filesize
176KB

MD5
a841575207869b52df9d30cf052fd3ac

SHA1
869fa9823dd1b92ad9d70bd3354b62223a61eaf3

SHA256
171c30eee67f92344825ac68836e154af4d4b1c0edcd326d59b64fd7007f4afc

SHA512
286cfb2d08ae26136b05a4847140c61058939d66393e5c4e31a29c3ca0c6f60221aeb66d5ddb51808a56064a44c10eb71669e0f16b5859c4ad2a482f0b2d7703

Download Submit
memory/3680-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3680-19-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download