5ea4d9e0c70e0acee084a59062244e13df0168365786240d101d4879bce07ba0

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaa8626ec3b991bf72a51dbe1ce8a551_JaffaCakes118.exe
Size

132KB
MD5

eaa8626ec3b991bf72a51dbe1ce8a551
SHA1

6277fef2c8ee7bc37e859489e7639eb547956523
SHA256

5ea4d9e0c70e0acee084a59062244e13df0168365786240d101d4879bce07ba0
SHA512

5b5b9b576d0a128c45160dd4cafa7589eba68e052f5364fb7bfa5638e9ca7af5c055939ebb45c96fe34c89838be51ee3f0c59be7eb9d26ac4d798f684912a85d
SSDEEP

3072:1xTqpdA3f6QNf2IPO4DpmWpAsfYbTOBoefYi6a9k20tAvscwg8Rc8E:v2pdqfv2IPOGfXf5ovWv7ORc8E

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\driv64.exe	eaa8626ec3b991bf72a51dbe1ce8a551_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eaa8626ec3b991bf72a51dbe1ce8a551_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\eaa8626ec3b991bf72a51dbe1ce8a551_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eaa8626ec3b991bf72a51dbe1ce8a551_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4216,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:8
1⤵
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\CKY3 - Bam Margera World Industries Alien Workshop Full Downloader.exe

Filesize
132KB

MD5
eaa8626ec3b991bf72a51dbe1ce8a551

SHA1
6277fef2c8ee7bc37e859489e7639eb547956523

SHA256
5ea4d9e0c70e0acee084a59062244e13df0168365786240d101d4879bce07ba0

SHA512
5b5b9b576d0a128c45160dd4cafa7589eba68e052f5364fb7bfa5638e9ca7af5c055939ebb45c96fe34c89838be51ee3f0c59be7eb9d26ac4d798f684912a85d

Download Submit
memory/2904-101-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download