84f1606424d1f31c33555a605e1e4c50f7cfed84d742363e3e5f6c8f861b5319

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 06:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa05328401de5fd5446e10b11d674c32_JaffaCakes118.exe
Size

254KB
MD5

aa05328401de5fd5446e10b11d674c32
SHA1

5194819a710e6da07f64c080b61efc68a17ab83e
SHA256

84f1606424d1f31c33555a605e1e4c50f7cfed84d742363e3e5f6c8f861b5319
SHA512

877cafcdb2795a4c1aadfb488add273a5b2160f45341b883819d2d0c09f4abe57e6bd145a057e769b111bc637af64ff27b1d5598270645c308a2fb53b0d54fd2
SSDEEP

6144:e30FQXwb+GtmvcRdlLKmRMnQ7GKfPLgMA6d+3QCg:e3Ab+GRdencGKfH+gJ

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
3408	aa05328401de5fd5446e10b11d674c32_JaffaCakes118.exe
3408	aa05328401de5fd5446e10b11d674c32_JaffaCakes118.exe
3408	aa05328401de5fd5446e10b11d674c32_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aa05328401de5fd5446e10b11d674c32_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\aa05328401de5fd5446e10b11d674c32_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\aa05328401de5fd5446e10b11d674c32_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1241A9A6\_Setup.dll

Filesize
128KB

MD5
074cf17c449cce990cfa2f7f788a8125

SHA1
02e448bc1b2c6045ee16096ec5749ba6c56a5d5f

SHA256
4ee65379ac79ea50d718ec3afeed121912c28a0067d5eec51f2fe50bc7afff82

SHA512
7867484238a36a981e792b8929d79cac8ddf23db66e7f92127fd43ceabc8444d30ee8a930ba25fc851f252a2f39618c5f67779c9f02d236a85670216547ca6bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\1241A9A6\_Setupx.dll

Filesize
22KB

MD5
56640a54d5c551889c234b4094a06f89

SHA1
3087f00d056ada8055015f832832a0b6b82225ac

SHA256
dad8a62f875bdbe0d0da8dc65c8e13e6d14fc6a3fe293230382e1acf629bed25

SHA512
d521bd45a04506dfe269e2ab6c47d4a1dcdb037be4e20750af2aaa52715cf750df20b9ce67a99efb26169362c4dff03921cf7c70e70e86352e552849570ac192

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tsu-0D50.dll

Filesize
249KB

MD5
c147e4237b78ecd1804e8ed89aec3c5c

SHA1
74f7a58bc08794ec138205b18640ef487cea2d5d

SHA256
e0798d55f6f58944c03c739416b80794fc7b896a58f360d56ce40c84634c8511

SHA512
02f8730a8169f6029e80e5d79c1656e3d73838cde16ee137d7b764f5c725e8888f4ea81023c97e036b4fc262c679efe1fef66290e9028b631ca5b73efa4561a0

Download Submit