c09a452b2394f21550f9dd38cae0feeb671ca3fda542c610572a88e5b11e54db

Analysis

max time kernel
92s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc1eb83a3be212b679c05b24d7ff57fc_JaffaCakes118.exe
Size

9.8MB
MD5

dc1eb83a3be212b679c05b24d7ff57fc
SHA1

f53cec5b21960fc6c686fbc88e23e3127d79749c
SHA256

c09a452b2394f21550f9dd38cae0feeb671ca3fda542c610572a88e5b11e54db
SHA512

cc8c119fcb885025b33751e6aca5884cbed4995b5913fb080aeafc8e6a9368da37d53c5ead238d40f9055b3156a559c3037eb741ff226faed4d867dd3166fa72
SSDEEP

196608:yysA2RgClwYNp+2A/TYm5jiAb77NxVIbSV1/FXz9P2fnj7Wtz1wAU:y7AYDHNp+2uYm3jNLGEFJP2fnjF3

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1860	dc1eb83a3be212b679c05b24d7ff57fc_JaffaCakes118.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	dc1eb83a3be212b679c05b24d7ff57fc_JaffaCakes118.exe
File opened (read-only)	\??\B:	dc1eb83a3be212b679c05b24d7ff57fc_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc1eb83a3be212b679c05b24d7ff57fc_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\dc1eb83a3be212b679c05b24d7ff57fc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dc1eb83a3be212b679c05b24d7ff57fc_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:1860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~vis0000\English.vlg

Filesize
10KB

MD5
2f5fd0039e54e90d8c77020094ba5835

SHA1
4b5633c2de8cabe1a0f62ba8a5289c073326b31f

SHA256
920d6ea0fb774d0ee065739ad1aff269f98ae55d01a77bb2080e55a2be75f9a3

SHA512
f29f19926446d633f46b2e37e57680c71a2cdbd465b5c2d2955a4afa694b0d967024b24283af99a7321b74c2874c2ddd287e524af6d3062420b83102b997f90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\~vis0000\vise32ex.dll

Filesize
496KB

MD5
ec6736ff6e49d30c998de60055aa7819

SHA1
f8c729e7cb896286e364b9fccc227298effb4e9e

SHA256
d5e0c8cbe9e0c274260f6c8484dcdfd7cb5ba9ef094f3f7a7951bb4b92bc2193

SHA512
58d3f0df653cd83ba63bc46adeff587f736d79ab7f275d03bfb1aa4709afae0ef456a1e2597e407ef07e67ae84a9689184fbde8d4a7964716a14f21f865e9d8a

Download Submit