fd681b5fac034ac2ecda7cb7da0d60e7d1d662e659b2309ee82d4b12ef2b5149

Analysis

max time kernel
134s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a822e307a318251c2f961b16de3153cc_JaffaCakes118.exe
Size

11KB
MD5

a822e307a318251c2f961b16de3153cc
SHA1

7eb2749df210327b7096e1b6cf070179bea2a35d
SHA256

fd681b5fac034ac2ecda7cb7da0d60e7d1d662e659b2309ee82d4b12ef2b5149
SHA512

e6378b22d6994f1881e024ae2d09563019587829f87cc6f4d3ab3f3a1536a8b349be8f86daab70ee21ffada2d576a03ad6838ced5df1f421450ac37e293e3c38
SSDEEP

192:KtMOAKbWLLH/q4zqD9YjtTgWPaX3rmC8l3bxawF6Tg7kgdCB+Hht:KuOAKWLrNzqD9YRTv27mC8z6Tg7pdCg3

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\explori.exe	a822e307a318251c2f961b16de3153cc_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a822e307a318251c2f961b16de3153cc_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a822e307a318251c2f961b16de3153cc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a822e307a318251c2f961b16de3153cc_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:1804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\explori.exe

Filesize
88KB

MD5
ed227966fd63144b8c2904c25a8194a7

SHA1
ba017cdb87137e0af6af4b4e1284701587ee68c7

SHA256
9d35cd48e1818e9a2dd03fd8864d8dbfbfdac84b99738461447fbb929f7c4f6b

SHA512
bf37e30cc02c3b8eeef7cca926ac01e7b913d38d61f0b72e7ba047b4ebb710c4fe0661c42366ff09579620bf3c1f1f0ca87a149c2f71f60d5d3bc3a908b3b89d

Download Submit
memory/1804-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1804-15-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download