a01a71a4abcc81f885260c9fdcba4348292c743dca5259d22fd261c6071d82b7

Analysis

max time kernel
61s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4eb1f5f7c3683f2272c49edeb1ba0ab_JaffaCakes118.exe
Size

44KB
MD5

d4eb1f5f7c3683f2272c49edeb1ba0ab
SHA1

8c9453b2908fa6b8dd07d02fd8c70aab4bbaf1a4
SHA256

a01a71a4abcc81f885260c9fdcba4348292c743dca5259d22fd261c6071d82b7
SHA512

1e2c98c8950dc1777ec12de71a8a763fd0cfea36b37845c842677c18cf4bdff62f2d6e19cc2af67a6cebea44a0f6e146843865eefae914dc4198c6c1e69e7e8e
SSDEEP

768:XYTarnP6r6phcFdVnnVehpB9OOAj6X8FhMrf2VZ6X4tiXcC143exZCHsPvydGZxX:gTm+dGZEw

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	d4eb1f5f7c3683f2272c49edeb1ba0ab_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d4eb1f5f7c3683f2272c49edeb1ba0ab_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1060	d4eb1f5f7c3683f2272c49edeb1ba0ab_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d4eb1f5f7c3683f2272c49edeb1ba0ab_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d4eb1f5f7c3683f2272c49edeb1ba0ab_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
9c94affb97b990a1a59e9a60b5e7a582

SHA1
a40d9fb91f0d7517525898ad33f6080e03c487c6

SHA256
0340cebc1dd4d36217c122965ed577a5d4b48b4303855981cf4c60165a70d0a7

SHA512
5b9899c9fae327b90e76916e1cb5f9dc744dc5024f3aa4214a63b14e0d4c910d6fd67c4fc1024f33cfd7c529debaf7b39f13901d8b0f2c9b66ecd2582caa526d

Download Submit