1a593e65a8496ad040269019f513fefe8aebcd2fd13a984f7ade5ca2aae2b6bd

Analysis

max time kernel
135s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b69532dd4cfcdb81d202dceecc08bcce_JaffaCakes118.dll
Size

764KB
MD5

b69532dd4cfcdb81d202dceecc08bcce
SHA1

83f58f5103c6fe26562b37fde264c96d0d2237ae
SHA256

1a593e65a8496ad040269019f513fefe8aebcd2fd13a984f7ade5ca2aae2b6bd
SHA512

d38998f6a89e5361c07bf1456b214e67d2eda206bc31ce17cb590ec35e6a8603d3a44fa8063397d5f34ed3dc99e9870ee7e9bb0c7040bd8dd1150bb78ff51d45
SSDEEP

12288:aiMLypLCFvtlba38FdK0oNiIH7sFYAqdHVO4N11j4q:aiMLypLUnFw02iI4FRMb

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2576	rundll32.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe
2576	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2576	2964	rundll32.exe	91
PID 2964 wrote to memory of 2576	2964	rundll32.exe	91
PID 2964 wrote to memory of 2576	2964	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b69532dd4cfcdb81d202dceecc08bcce_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b69532dd4cfcdb81d202dceecc08bcce_JaffaCakes118.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4372,i,3239535018877284530,3457823197501312703,262144 --variations-seed-version --mojo-platform-channel-handle=1036 /prefetch:8
1⤵
PID:3776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e582e54.tmp

Filesize
1.6MB

MD5
4f3387277ccbd6d1f21ac5c07fe4ca68

SHA1
e16506f662dc92023bf82def1d621497c8ab5890

SHA256
767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

SHA512
9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

Download Submit
C:\Users\Admin\AppData\Local\Temp\e582e55.tmp

Filesize
1.6MB

MD5
5870ea0d6ba8dd6e2008466bdd00e0f4

SHA1
d41bf60d0dedff90e3cfc1b41b7e1a73df39a7d5

SHA256
5a7dac8c8b5d7cf1115246dfaf994e7f50e16a7eac1488642396f5e23fddfe0d

SHA512
0c620d5e7383adcf979feccc3b1bad584a5cec8b3d74d0ace8bb786f1f04ba87fa70d59d041dc3833977d44a75f2070181d4054c7c0b9c4ce2d66249b4b3c837

Download Submit
C:\Users\Admin\AppData\Local\Temp\e582e66.tmp

Filesize
137KB

MD5
f6b847a54cfb804a25b8842b45fd1d50

SHA1
bb22fef07ce1577c8a7fa057d8cf05502c013bfc

SHA256
5dd2f5a957946e0b6f63660ebd897851aad4795d4c847396c47ddbb647715583

SHA512
dd08a55f538e2a33e6a0c496dc97ae9045594cbbf62f7894ae8ded63f4dc0b2e89c5935269adfd1c19607b1d2474bddc49f6acb955e6dc53a55560663ca2137a

Download Submit