3cbde89ae5f0c5ef8f220da7b91e4cde10c698711ec7040b155ca1c86bf9272d

Analysis

max time kernel
91s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e181de47378d02c393d81f9e54cfea6b_JaffaCakes118.exe
Size

4.1MB
MD5

e181de47378d02c393d81f9e54cfea6b
SHA1

75f299f6ac44304114f5ccbda57f69a7b69192fd
SHA256

3cbde89ae5f0c5ef8f220da7b91e4cde10c698711ec7040b155ca1c86bf9272d
SHA512

ede689335267a471108ade7917f69ecc9c8267cf253386cf89c1f3f6e2d239d630e406b57f8ed138d64bae4b8b68af7a78794c2e7b560431cc801ac9d1947ae8
SSDEEP

98304:KAyiB2ZpxbZEq1pkpkNlhHhHENsWK33neWO/t/N+YpidVC9xFIG7:K3pDbupsxqpK3rO/pN+YpidVC9Tx7

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
516	e181de47378d02c393d81f9e54cfea6b_JaffaCakes118.exe
516	e181de47378d02c393d81f9e54cfea6b_JaffaCakes118.exe
516	e181de47378d02c393d81f9e54cfea6b_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e181de47378d02c393d81f9e54cfea6b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e181de47378d02c393d81f9e54cfea6b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e181de47378d02c393d81f9e54cfea6b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nse855E.tmp\InstallOptions.dll

Filesize
13KB

MD5
d765c492c21689e3d9d61634371fd861

SHA1
ac200933671ae52c9d5544d0e2e8e9144d286c83

SHA256
551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

SHA512
9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse855E.tmp\System.dll

Filesize
10KB

MD5
fe24766ba314f620d57d0cf7339103c0

SHA1
8641545f03f03ff07485d6ec4d7b41cbb898c269

SHA256
802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

SHA512
60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse855E.tmp\ioSpecial.ini

Filesize
748B

MD5
c4f5d4886ef48c426f1fbddcfc2904a8

SHA1
e24555fa921c70b53264a696c6d7c46dcf118f6e

SHA256
101f2a5b9448baec24a50ab8ebcd631f2f130e52a69b4e04092649a27616efb2

SHA512
425b62b87136102aec68df9f4b29c9b04031a1943577bad00e8262c56a3557bab7f5aa3ae6fc1b42743c28dee830e2a85e872a57546568dc78ea7a63a54a64f4

Download Submit