90b4dcbb3d477db0cdaaed59ae6825dad04fd174a0ff51ce6b6ab9cc09ce91b6

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eab31ef07d1c40987e9ea730ffee48a5_JaffaCakes118.exe
Size

766KB
MD5

eab31ef07d1c40987e9ea730ffee48a5
SHA1

d9a36f1587bfe4370534f10367268a72e5362fce
SHA256

90b4dcbb3d477db0cdaaed59ae6825dad04fd174a0ff51ce6b6ab9cc09ce91b6
SHA512

8a3db3dc14a378bbba1e7fcd9c906d1190503b77a27ef19eeebcb5bff61146c8a57e93e1e5e7aff8a55e49ba3a288e55317a060cf5a2a355b2ad6a8c671bba62
SSDEEP

12288:8HLUMuiv9RgfSjAzRtyOuFwjrlfdphyjIqyD15kIlb/WZa2kfLz/WqDpzB:WtARFZVpQjILD15kIVYaxfHWqDtB

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3936	eab31ef07d1c40987e9ea730ffee48a5_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3936-0-0x0000000000400000-0x00000000004B8000-memory.dmp	upx
behavioral2/memory/3936-23-0x0000000000400000-0x00000000004B8000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/3936-23-0x0000000000400000-0x00000000004B8000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eab31ef07d1c40987e9ea730ffee48a5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\eab31ef07d1c40987e9ea730ffee48a5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eab31ef07d1c40987e9ea730ffee48a5_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Crypt.dll

Filesize
4KB

MD5
d837210daced01236ccc50baeb996f51

SHA1
2f9dee67b1af7e5a32cd10358356fcf87fcf5ada

SHA256
547ab733bd5d60e0bd0e31cb26649a8d5b80e10f2996c9bff21b026dd4494454

SHA512
935b3e7f5991537c0b053e3e961d74fc95f7902e916b2b88791482d20656435e43882ce75de1cc7312784e4de50c63a0d163a875b541cc0bd6e760a2e0751c00

Download Submit
C:\Users\Admin\AppData\Local\Temp\aut5370.tmp

Filesize
473KB

MD5
00750c4b23fc1cdee043af1cc4b71b41

SHA1
3bce91a529810c7b1828691d6c99ca3cb8ce7574

SHA256
0cb1055fb7a1a2e528fa702e3091e6f1aebe34b154310cc85a22a7159a4405a0

SHA512
2820aac5e568008c4b401b1d83964e3f399c6dd0c404a9ca54f2915b1786753ffe9ef60fd9510c5539ba667e289fd4b333c0b234edd25b5f51b6bea227a84c2d

Download Submit
memory/3936-0-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/3936-23-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download