608a88ea1e7431df9b99005366e3f701fdc7ac86552273f8230b5f41d1a86328

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea811a6319710dd63127e5d892b0af9b_JaffaCakes118.exe
Size

281KB
MD5

ea811a6319710dd63127e5d892b0af9b
SHA1

3d8e0264528ce6b4fb94bdc4936f86e48520b2fa
SHA256

608a88ea1e7431df9b99005366e3f701fdc7ac86552273f8230b5f41d1a86328
SHA512

2fbb146a8877a678b1e7969e53a9827e8fde92f238690aac7aac89655c10ea0fe8338078bfc6892e107708c4703e0f093cfd678f81e5d422789248dc6834e869
SSDEEP

6144:bEILsI7MJ2O4laacqKZT2khJ2otcUsx6hABG:bEt2O4lxrKl2kn2o/G6hAc

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
3928	ea811a6319710dd63127e5d892b0af9b_JaffaCakes118.exe
3928	ea811a6319710dd63127e5d892b0af9b_JaffaCakes118.exe
3928	ea811a6319710dd63127e5d892b0af9b_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ea811a6319710dd63127e5d892b0af9b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ea811a6319710dd63127e5d892b0af9b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ea811a6319710dd63127e5d892b0af9b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Tsu-0F58.dll

Filesize
249KB

MD5
adb647de203421001356defee6fa3dab

SHA1
393278ddf756d236be35779666066c544acc7458

SHA256
c96807e91b41cbf4db5d3a97cc68662df344912f310b738b045501ac2c9eb5fd

SHA512
62024663db7af728ada8f73772c30d9ac9ec3486f0b1cd04c918d3ef3aa09d696c3dc063611b7fb6b661b0acc875f1cbd0ec73f9caab4cbdae83f652f294e821

Download Submit
C:\Users\Admin\AppData\Local\Temp\{28D85209-EF26-E21B-00F0-A704F33B70FF}\_Setup.dll

Filesize
168KB

MD5
cb317bf09b14ff33fea13647ee6ed896

SHA1
f68212cf9ae292c8fe36b0f869177c78cdfb2265

SHA256
1d9d4de2d985d45db9eae784f31e3c025e9d634fcd8a8b2524ecc4a671e62426

SHA512
64f8f34e551a431229a0f3c3ccf474d0dfe83aaef74150fe99f2e9c8f04651f3b5187e0a6f45d9e658525bba42b6d29f23928de06c0241bd852f3a80a9155946

Download Submit
C:\Users\Admin\AppData\Local\Temp\{28D85209-EF26-E21B-00F0-A704F33B70FF}\_Setupx.dll

Filesize
21KB

MD5
15e380879ec4b680564c4f6fcdad4f4b

SHA1
a0c7db2d244bc185be9aba3713812bf4362ccc9f

SHA256
8708eed5d5d45b801cd051f4d76f076e674d0457b38356ad6c617f9d934b264e

SHA512
00b89903b515200cd21231482974c1e687a9e33dc904e4967213ff52ea27a7401d9b7c7291994620ab39c85e383eec000f850f583715e95e68bb71921b7321bc

Download Submit