ee4add08253e6aee4854eaa06340e6f61c8e53972410b50b41873b1ab7fd67d7

Analysis

max time kernel
93s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2024, 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9ce7dfdb45f8c0a21ee47088c568f1f_JaffaCakes118.exe
Size

362KB
MD5

e9ce7dfdb45f8c0a21ee47088c568f1f
SHA1

cb5e5f0f5a942579bafeac314a0c5df27a4c653c
SHA256

ee4add08253e6aee4854eaa06340e6f61c8e53972410b50b41873b1ab7fd67d7
SHA512

7d2322550e4f2e630cc4e25b4c7bafaf07723c453dc40bd88b17b9296571c94a93b4f1d6d9674b2e1da24c707f3f4e1a8742f91503f473e1fa0a3b5a47f5e674
SSDEEP

6144:VTLrv+VzfFgD4GFwKoV0q+A6MQCHb5YyL:VTHv+PnGFwKKcMzL

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4668	e9ce7dfdb45f8c0a21ee47088c568f1f_JaffaCakes118.exe
4668	e9ce7dfdb45f8c0a21ee47088c568f1f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e9ce7dfdb45f8c0a21ee47088c568f1f_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4668	e9ce7dfdb45f8c0a21ee47088c568f1f_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4668	e9ce7dfdb45f8c0a21ee47088c568f1f_JaffaCakes118.exe
4668	e9ce7dfdb45f8c0a21ee47088c568f1f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e9ce7dfdb45f8c0a21ee47088c568f1f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e9ce7dfdb45f8c0a21ee47088c568f1f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\jkiC36F.tmp

Filesize
262KB

MD5
94fc140eb98884d9f3e15bcce406f090

SHA1
844f2ae6b598e0b29c22f2313594f0cbaf73b32c

SHA256
0e1baa3cc4e981b9261861b2b042c083a0d277aba44d5cacad8ba6668d9dc7bd

SHA512
c7d5987e6f548d44f5b586abe06b1926a5d51ffa486759de5026d743b1d81848e8a90841312f318574c39e7d69a9051bf42cba556f791061ab69c1e37d34cdff

Download Submit
memory/4668-9-0x0000000007370000-0x000000000737A000-memory.dmp

Filesize
40KB

Download
memory/4668-5-0x0000000005010000-0x0000000005056000-memory.dmp

Filesize
280KB

Download
memory/4668-6-0x0000000074720000-0x0000000074ED0000-memory.dmp

Filesize
7.7MB

Download
memory/4668-7-0x00000000079C0000-0x0000000007F64000-memory.dmp

Filesize
5.6MB

Download
memory/4668-8-0x00000000072A0000-0x0000000007332000-memory.dmp

Filesize
584KB

Download
memory/4668-1-0x000000007472E000-0x000000007472F000-memory.dmp

Filesize
4KB

Download
memory/4668-10-0x0000000074720000-0x0000000074ED0000-memory.dmp

Filesize
7.7MB

Download
memory/4668-11-0x0000000074720000-0x0000000074ED0000-memory.dmp

Filesize
7.7MB

Download
memory/4668-12-0x000000000A5E0000-0x000000000A646000-memory.dmp

Filesize
408KB

Download
memory/4668-13-0x0000000074720000-0x0000000074ED0000-memory.dmp

Filesize
7.7MB

Download
memory/4668-22-0x000000000CC70000-0x000000000D416000-memory.dmp

Filesize
7.6MB

Download
memory/4668-23-0x000000007472E000-0x000000007472F000-memory.dmp

Filesize
4KB

Download
memory/4668-24-0x0000000074720000-0x0000000074ED0000-memory.dmp

Filesize
7.7MB

Download