e0810420999697e89df8b5d7988085545cf5983b945230706d78a247a0fcf508

Analysis

max time kernel
140s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 10:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aef0cc3782fc43594d87fef581f520fe_JaffaCakes118.exe
Size

1.6MB
MD5

aef0cc3782fc43594d87fef581f520fe
SHA1

46d58aa85ceb91918a3cb85d8582e73cdd4e967c
SHA256

e0810420999697e89df8b5d7988085545cf5983b945230706d78a247a0fcf508
SHA512

cbd81c92d49b7e6cd87d6d5fa014cceef07e87d967f32cf13dd3724149b824b361dcaa1dcd7e582a9a030788e8510b4cdb148d8cb076cd8b4d3f1c2c5a78deb4
SSDEEP

49152:xKK/WLTfIljeWJ5CJO+gx2H/IVVtctXsO5lu:xYfIlroO+pQTtcBLy

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1512	aef0cc3782fc43594d87fef581f520fe_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1512-0-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/1512-64-0x0000000000400000-0x000000000043F000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aef0cc3782fc43594d87fef581f520fe_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\aef0cc3782fc43594d87fef581f520fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\aef0cc3782fc43594d87fef581f520fe_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Temp\1L23NLQD\Enu.lng

Filesize
4KB

MD5
27677300901d028048d5e8cab0ab7e52

SHA1
68c456aaaa97646916b01e170fc1321bff761398

SHA256
97c2f7ba21eff15470a8af5afc5954136794e5c5cb65f393602d3baffd48cf61

SHA512
272b985c137a0850b5ba6c5311e04079267256dc6a1e294d82586146ea6d9321a99718a73a04483a134664863774bd3431e124e88219f13e60aee5b125bdb4e7

Download Submit
C:\Temp\1L23NLQD\Gins.ini

Filesize
1KB

MD5
c56013ffc1109b1c4172eae511c8976e

SHA1
4b382d075eaef5e378de79f9d3638a9903f3be28

SHA256
f5c0511c4c027c4eb6b4c7493ea2ee7f5ea714e3f56af13eaf3637d44781a57c

SHA512
cc852fc4746be079c732100e4792a38167a8f97c86dfba93c1e0b074b0a921394d8aacb826b88667efbd7f530e65633d6710ab83592424c64a985ce4d8114b25

Download Submit
C:\Temp\1L23NLQD\license.heb

Filesize
2KB

MD5
c47e1d78099ffe57b842b690b80fba85

SHA1
15643e34e7f73dfe6c2068901c6dc939e281aabb

SHA256
e488da04a90906e723057c370d2b24307b5eb98cefe5a2b69d1b0ac5fd07ddff

SHA512
94184c9a9f68c359ead7bbb5bafa0cc5d287a226309b44eb8b9ec6cb41692046d67bfc2e713688abad75f1071112f87878d6a2a08639e615df2df810df29b8c5

Download Submit
C:\Temp\1L23NLQD\unpack.dll

Filesize
33KB

MD5
b31598853dad185bbb35f7faf6e9dfc4

SHA1
123465e3ee2685e04ea8d3a34ab0d797986279ca

SHA256
d29110a1488695960d35afb6697e7dd05c0e837fb20aa2c88270c7f2d81311f5

SHA512
728a3cf4727acb5f4aec54d4e3586cd08c3bbb0c0ce6640f74bf784f91473ccc138647b419de40144a8059398ffe2f0c66f6f5b0472d04aeda387e9e47082b5a

Download Submit
memory/1512-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1512-64-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download