4cdc46c72f8a3ac8d307014bb664e606888a2d9a23e376024609b280e279ed08

Analysis

max time kernel
137s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb947f11af65a1e54a0b25af004f8b22_JaffaCakes118.exe
Size

234KB
MD5

bb947f11af65a1e54a0b25af004f8b22
SHA1

b4e3ef9c6d560a8fab06e9dd2c108f6ca4171f0b
SHA256

4cdc46c72f8a3ac8d307014bb664e606888a2d9a23e376024609b280e279ed08
SHA512

67e6411b62649d9eb6bbdc25bc473488f5c2716f03587a3b0e1d7eb79d616253200c56a41662a4c81b2f8babbcaabd4485205e5d10046042ae5aa83ae013f0fb
SSDEEP

6144:RRgym92YGB+40vPLGPA/R3IacIrzpcxtIwLLLJSgIr61VI:L6fu+40vPzRZ+xtrLLLJSgg6E

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2184	winvnc.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb947f11af65a1e54a0b25af004f8b22_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winvnc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2184	2996	bb947f11af65a1e54a0b25af004f8b22_JaffaCakes118.exe	84
PID 2996 wrote to memory of 2184	2996	bb947f11af65a1e54a0b25af004f8b22_JaffaCakes118.exe	84
PID 2996 wrote to memory of 2184	2996	bb947f11af65a1e54a0b25af004f8b22_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\bb947f11af65a1e54a0b25af004f8b22_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bb947f11af65a1e54a0b25af004f8b22_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Users\Admin\AppData\Local\Temp\7zS6F44.tmp\winvnc.exe
  .\winvnc.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS6F44.tmp\background.bmp

Filesize
1KB

MD5
6ce6e5fcf1a56b80f4ffa6f685d4329d

SHA1
91780868c241e83754003855407805c0cda20254

SHA256
6fcc92e281d25569d300297ef79a5796bc5e0c226aa35624dd6a9f38b8413402

SHA512
7af21c8840f56c5ded22161504dd3d6c282ad83a0fb1f711fccfc7d87676de3036120e60e2c0e57fb998a0dcfe512950d3f16e0bdcb493d37a681f31b8cb399f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6F44.tmp\helpdesk.txt

Filesize
950B

MD5
9934fcde425c0c6fc736d02413001a3c

SHA1
50b4f182389639b84bc9a1eb0f66ef1dd42ef8ff

SHA256
3cb4375a2cb8b24c351f2f93812d49f70fa03c2ddb93e998ec1c433d84cf1f95

SHA512
17de7878c1079da9f40901d53a2b77c8bf3ba9466cb7e048e73493d1f952a4d9aa02322f38aab51f62bf2f8f942e3c43658ae2d8987005cd633558a1259071d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6F44.tmp\logo.bmp

Filesize
34KB

MD5
7b0698b67c5c37df442ce85c3418bc5f

SHA1
ca804f5bfa1b3cb14cf5e1c619a830b0761b1582

SHA256
0aef19db6a05f59688688e447a4e1ed4d0650ed8db438a8cf097f4189727e974

SHA512
2695645bd59196acc7aaa52759bd7b4975f97fe8dc27a81b1ed0df711caf8729c8eeccae0981371ae5231154b43c98c1056088a4c5b9694e67df268101b77598

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS6F44.tmp\winvnc.exe

Filesize
251KB

MD5
40a21759f5ad164f5c58e3c4c1a30ede

SHA1
287b840f6bd10a05922d9ded005eda53128efe12

SHA256
5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72

SHA512
19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28

Download Submit