5df870273c536ac0c793dfa0c6f7183cfb54abd03c1718897852178058ce7869

Analysis

max time kernel
140s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe
Size

703KB
MD5

d3d30083623b2e568768a681ac0824fe
SHA1

ad249ee743f382ba31069fbfbdf3af99760534c6
SHA256

5df870273c536ac0c793dfa0c6f7183cfb54abd03c1718897852178058ce7869
SHA512

9f303d2409662a3c9d69e759994ddacf30594da55e708687dde50b16170d15504663b540935a18b25b9c30f349684475c31674cc3cec51a0fb860782491ffced
SSDEEP

12288:i9AAp4czpQD+91611pf8IwmMvMFpKIMWXDM+erF7Id1A84IX05ab:WAAK0QD+r6bpfimM0bWa87sh

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1788	temp1.exe
2456	temp2.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ws2_32.dll	temp1.exe
File created	C:\Windows\SysWOW64\temp1.exe	d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\temp2.exe	d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ieapi.dll	temp1.exe
File created	C:\Windows\SysWOW64\ieapi.dll	temp1.exe
File opened for modification	C:\Windows\SysWOW64\ws2_32.dll	temp1.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	temp1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	temp2.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3984	d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe
3984	d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe
2456	temp2.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 1788	3984	d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe	84
PID 3984 wrote to memory of 1788	3984	d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe	84
PID 3984 wrote to memory of 1788	3984	d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe	84
PID 3984 wrote to memory of 2456	3984	d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe	85
PID 3984 wrote to memory of 2456	3984	d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe	85
PID 3984 wrote to memory of 2456	3984	d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d3d30083623b2e568768a681ac0824fe_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Windows\SysWOW64\temp1.exe
  "C:\Windows\system32\temp1.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  PID:1788
- C:\Windows\SysWOW64\temp2.exe
  "C:\Windows\system32\temp2.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\temp1.exe

Filesize
120KB

MD5
bb6984e6a89c87cfaf07f7ca3e73ecb1

SHA1
3f4e5eb66894c580a1a06a9f728cf103fddbb892

SHA256
4fb13ca751cb28699f1eeddbe6d92ff1e642dceddab401825f70c1935f61496a

SHA512
597a81fa0c93165f31e3889d70305cc753e9198554e6e40881d78451580f17b081dc97ab39c77cbf1f5225d4e148a3ed144a7655ec1448cb55ec22325ea7853b

Download Submit
C:\Windows\SysWOW64\temp2.exe

Filesize
550KB

MD5
3a8c5087047d9525e57667a102116ecc

SHA1
916dd63efe1f2bb7a56b089524b139c9fced3652

SHA256
60bfa3ba27ceb23f740b913be748867d0b8d6e47474c341cf0b41fe2e729c9fe

SHA512
efddab8c52ddabf252b2c4f8f2de0a4c32f30dc431df21c79eddfb0c0219f2243cb439e8b6c2317af7046a05ae0b32ad02e074982f8b781a60c037070c54680b

Download Submit
memory/1788-11-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2456-8-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2456-10-0x0000000002060000-0x00000000020B2000-memory.dmp

Filesize
328KB

Download
memory/2456-86-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2456-85-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2456-84-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

Filesize
4KB

Download
memory/2456-90-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2456-89-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2456-83-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/2456-82-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/2456-81-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-80-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-79-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-78-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-77-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-76-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-75-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-74-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-73-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-72-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-71-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-70-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-69-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-68-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-67-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-66-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-65-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/2456-64-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/2456-63-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/2456-62-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/2456-61-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/2456-60-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/2456-59-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/2456-58-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/2456-57-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/2456-56-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-55-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-54-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-53-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-52-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-51-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-50-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-49-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-48-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-47-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-46-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-45-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-44-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-43-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-42-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-41-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-40-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-39-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-38-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-37-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-36-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-35-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-34-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-33-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-32-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-31-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/2456-30-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-29-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-28-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-27-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-26-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-25-0x00000000020E0000-0x00000000020E1000-memory.dmp

Filesize
4KB

Download
memory/2456-24-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-23-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-22-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-21-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-20-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-19-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-18-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/2456-17-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/2456-16-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/2456-15-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/2456-14-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/2456-13-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/2456-12-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/2456-91-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2456-92-0x0000000002060000-0x00000000020B2000-memory.dmp

Filesize
328KB

Download
memory/2456-93-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2456-94-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download