9d0426682f97209da266f8911e8d10d8fa44e3b83a780f0850aafa84dede1c8d

Analysis

max time kernel
141s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.exe
Size

1.8MB
MD5

c8e65730e37a0d727e7bfe5b5c0dc6b7
SHA1

96916b566414a1dfa47fdfd731dc9eea87e25045
SHA256

9d0426682f97209da266f8911e8d10d8fa44e3b83a780f0850aafa84dede1c8d
SHA512

6a30b33a60c983c38b92513c1af087c45ec22c073193993bde2b6c970eb640b84b292d8201f306ad2e36c2ca5c8a57676bbe01b9f060983d445d709dc9c28c1f
SSDEEP

49152:5avvWWRc6Hd4D2yLG71MdOJcx4oryLIrBGinXBgJ:Qvjc6HdI2j71MdaoaOPRgJ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2108	c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.tmp

Loads dropped DLL 1 IoCs

pid	Process
2108	c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.tmp

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 2108	2728	c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.exe	91
PID 2728 wrote to memory of 2108	2728	c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.exe	91
PID 2728 wrote to memory of 2108	2728	c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.exe	91

C:\Users\Admin\AppData\Local\Temp\c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Users\Admin\AppData\Local\Temp\is-4ICEE.tmp\c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-4ICEE.tmp\c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.tmp" /SL5="$902D0,1546942,54272,C:\Users\Admin\AppData\Local\Temp\c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4460,i,4174666705242427184,7333705955694532165,262144 --variations-seed-version --mojo-platform-channel-handle=4100 /prefetch:8
1⤵
PID:3688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-4ICEE.tmp\c8e65730e37a0d727e7bfe5b5c0dc6b7_JaffaCakes118.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-US152.tmp\Games.inf

Filesize
208B

MD5
2b68fb33356b62cf3e8d98523097cc47

SHA1
64ae113478e2009fa0fc011d094f93880de9061e

SHA256
1f18a5a357b679f5152b9e85ad4d5263a73095ab9b94ca18993c8068eccabf21

SHA512
eca4de99518474df811671ecdb4b4ce5de5299cb44c194b3ef6f4dbdcb821a5c0b624f10118ec807deb778f566b6fef82abb2fbd9350d26ff758280526cecdd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-US152.tmp\isxdl.dll

Filesize
49KB

MD5
02ecc74f7f91e9ffd84de708683236a6

SHA1
3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

SHA256
30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

SHA512
a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

Download Submit
memory/2108-7-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2108-35-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2728-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2728-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/2728-34-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download