6e7eea0f4710d328b79f39a62041dea54c19c0c30d2709bd9fb8d30e070fbc39

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8e21c3453fa0e56ba5df7fdb504db4d_JaffaCakes118.exe
Size

9.2MB
MD5

a8e21c3453fa0e56ba5df7fdb504db4d
SHA1

2cc8600754f7fdbde78386e4c48438af1cc564ba
SHA256

6e7eea0f4710d328b79f39a62041dea54c19c0c30d2709bd9fb8d30e070fbc39
SHA512

52da6119bd373ea4d0f8d375d0fc7881fe09fe3322f0843f446f2f1fd9ab5a0c4ca2abfeb149bbd0a2559d0034bfa7699f58e905d91747e4f5e484082dcb396b
SSDEEP

196608:iRlEdgl3yo/Dmnj8PkFZgchOgAhQlsrXW0CXxx8i1zwnb:iRSdgZNyj8PkqMlum0atNwb

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
392	a8e21c3453fa0e56ba5df7fdb504db4d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a8e21c3453fa0e56ba5df7fdb504db4d_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	392	a8e21c3453fa0e56ba5df7fdb504db4d_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
392	a8e21c3453fa0e56ba5df7fdb504db4d_JaffaCakes118.exe
392	a8e21c3453fa0e56ba5df7fdb504db4d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a8e21c3453fa0e56ba5df7fdb504db4d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a8e21c3453fa0e56ba5df7fdb504db4d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7z.dll

Filesize
893KB

MD5
04ad4b80880b32c94be8d0886482c774

SHA1
344faf61c3eb76f4a2fb6452e83ed16c9cce73e0

SHA256
a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338

SHA512
3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\html\images\bg-1.png

Filesize
22KB

MD5
ab8020db914c5a1eb9b43a406e41437c

SHA1
ea1d4efd661eb4772b4e5e6322a598ddaf3d9cd1

SHA256
3df855780f5330638114d02e07233afb1c0381bb730fe4b375464825b76f2e07

SHA512
a8e3012390836fe77997cb9cc6f6307eb9497f009054a4fe580dcf11b83a3273cd305aa59536e0c7cb5bc7d358d4738dcf97c0fc9318b18955caa74d40daf9e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\html\page.html

Filesize
1KB

MD5
63d73b370db908bf45b965117368b570

SHA1
5dd596d38bcec2f142331083715180daba6a5bcb

SHA256
1105647cfd0ee3353f0b864eb0c8ae03c49572e4dffca6c275684c057f0ffecc

SHA512
21cb980359e7aa542c90b88e6982a1ab42499b2a2706c69f484f3878fb69a4df37e734a1ccbc194d19441289434706b979e56803977810752b20f774fc0e5fa7

Download Submit
memory/392-0-0x0000000075062000-0x0000000075063000-memory.dmp

Filesize
4KB

Download
memory/392-1-0x0000000075060000-0x0000000075611000-memory.dmp

Filesize
5.7MB

Download
memory/392-2-0x0000000075060000-0x0000000075611000-memory.dmp

Filesize
5.7MB

Download
memory/392-3-0x0000000075060000-0x0000000075611000-memory.dmp

Filesize
5.7MB

Download
memory/392-4-0x0000000075060000-0x0000000075611000-memory.dmp

Filesize
5.7MB

Download
memory/392-5-0x0000000075060000-0x0000000075611000-memory.dmp

Filesize
5.7MB

Download
memory/392-77-0x0000000075060000-0x0000000075611000-memory.dmp

Filesize
5.7MB

Download
memory/392-107-0x0000000075062000-0x0000000075063000-memory.dmp

Filesize
4KB

Download
memory/392-108-0x0000000075060000-0x0000000075611000-memory.dmp

Filesize
5.7MB

Download