65042987d4b06914cd8a2ff5a51558c3cf9dfbbbb40dcac4644c07c629bfd893

Analysis

max time kernel
141s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 21:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b0dd1355ca4a4cfa87d17726d99d6269_JaffaCakes118.exe
Size

1.8MB
MD5

b0dd1355ca4a4cfa87d17726d99d6269
SHA1

9c40015e9bd02bf9ae721320a92c0ae59fdedf9b
SHA256

65042987d4b06914cd8a2ff5a51558c3cf9dfbbbb40dcac4644c07c629bfd893
SHA512

64465558648f902f7935638f11c2c6a08e97c4f0f3a0fd6059dd6f2216e5c32d3de9fe75a3b5a47bb4764278302880f4a15360215331d20488c5ad8ec396d1fa
SSDEEP

49152:ReaF0dJ76YApScwUJBE4p9w6yM1v5mpKJtH6:R3FO6YDUJnoMt5mp0tH6

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
872	b0dd1355ca4a4cfa87d17726d99d6269_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0dd1355ca4a4cfa87d17726d99d6269_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
872	b0dd1355ca4a4cfa87d17726d99d6269_JaffaCakes118.exe
872	b0dd1355ca4a4cfa87d17726d99d6269_JaffaCakes118.exe
872	b0dd1355ca4a4cfa87d17726d99d6269_JaffaCakes118.exe
872	b0dd1355ca4a4cfa87d17726d99d6269_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b0dd1355ca4a4cfa87d17726d99d6269_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b0dd1355ca4a4cfa87d17726d99d6269_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\911497.dll

Filesize
536KB

MD5
37f2e15fe4fc2167dfd52626bbbc8e55

SHA1
d6dea1d69bcc1e7cbb1bfd16ad2f807113ada0c5

SHA256
374d4ec89f9ce8c2d8ae44da5c38c11453130efba474ef9ee7132f447e268218

SHA512
c67006fec7e57f764508246fbba61878606ad42b16911e2138f6cef2f279557740cd51ad9884333ab6a7bb69cb9b8e42e48402fd8de67caf27e398af56096609

Download Submit
memory/872-27-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-29-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-21-0x0000000010000000-0x0000000010086000-memory.dmp

Filesize
536KB

Download
memory/872-20-0x0000000010000000-0x0000000010086000-memory.dmp

Filesize
536KB

Download
memory/872-22-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-23-0x0000000010000000-0x0000000010086000-memory.dmp

Filesize
536KB

Download
memory/872-25-0x0000000010000000-0x0000000010086000-memory.dmp

Filesize
536KB

Download
memory/872-24-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-26-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-0-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-19-0x000000001001C000-0x000000001001D000-memory.dmp

Filesize
4KB

Download
memory/872-30-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-28-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-31-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-32-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-33-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-34-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-35-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-36-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-37-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download
memory/872-38-0x0000000000400000-0x00000000005E1000-memory.dmp

Filesize
1.9MB

Download