b6cb7fe82d040b90408d42c2fb66477d8573061eb5a67c9f88fe1b4a3ad57961

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
Size

7.8MB
MD5

eab6593290c12adea3350600cffbb0f4
SHA1

8a1ddb55b63a67653cd95cfce4313be2c416ad98
SHA256

b6cb7fe82d040b90408d42c2fb66477d8573061eb5a67c9f88fe1b4a3ad57961
SHA512

34462eac71699dc0dbef0ea01b97e6c93ab7ac6a04234214848624006f5b042373c021e73fe911073cc3a486d6a52dde837015f923e7658c0a7a89903ab463ca
SSDEEP

196608:wx/ijiu45W5QCjC50saEQbY8Nr6dvb9juFjer978OQ4wqjrriZTz:ctCj+bcYJ72y9ozniriZTz

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
2084	eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eab6593290c12adea3350600cffbb0f4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gtapi_signed.dll

Filesize
77KB

MD5
4f379ae3ec96f6619c86fe6dac3e3cf5

SHA1
6cf1ccd5bb2a0b64da53b7d529847a2d6d9a7da5

SHA256
815f1171dd00afc46d26158bd7f9f95bb37c344252ca05afebfc51a8a3118b6b

SHA512
d5d9699cf06dc59858ed74c78ab2f922880bce1781b92f599bf382da8fe7425926454bb52ae6d6557923eacd3c3273d12b69246d8d81fa5669e3c69f2b2cfe32

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd74B5.tmp\InstallOptions.dll

Filesize
14KB

MD5
107737e3282fefd85684f2fa3df6d1c3

SHA1
3befbcae116a644ae28cebdc1d7dfe6be5c8ca5f

SHA256
21042be362d4073053bffcc90511b3ecf77902243525b56bb159581b5ece43a0

SHA512
439ac2f3066902e08d63dc3061f55063089857e765feb29fe47ba5819a9bebdff3fe2fe55fc8bfcfddb729d340f006ee95b5aa4422d712f9dcc07cc02ec410b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd74B5.tmp\ProcDll.dll

Filesize
54KB

MD5
4bbffba241d51d447a527891c49cd1f3

SHA1
df6e9617bbf060c9373e173144a9943375874a2f

SHA256
7883866a9143135bcec5c173293265778ac68a331bfae7efbd9d92f21fb254cd

SHA512
ff366b7db3970c31352dc05ce3d8b53818555b768b3d2e52ba33cc7338ba47c4aa8ae48391fe6ac8072b150aa7947e0133b558b86b9cc2a3ec286472b98f01f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd74B5.tmp\System.dll

Filesize
10KB

MD5
0ae9c427fe7bbbbf1368c1c6d3933ae7

SHA1
c8e5131613302531c88512dada29a18886259268

SHA256
49437f4b9fd38007f3b2735f0a8a12830b995305c75118b440202980183d5c6a

SHA512
59b76b00f2b0d6242dc5bc3cb36d3ff78867445f502e34cea890c6f493c2adf9b97cec539963204ddd1c641e1a77139f46fc33dec4dc636f4b06d2edffffec6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd74B5.tmp\ioSpecial.ini

Filesize
690B

MD5
73bba3da40accc6ba458ca39a073ae97

SHA1
6c00028b411dd5af2ba22e0f7d59de75c60dcedb

SHA256
7ff37a2668d0433cdf925f51f43fc5b85e3d01669e8d7267a3ebca8650061649

SHA512
8a8a6bef953408d5c6aa2b54f2737ddff289ad138572fbab2caf9337dabb2b797945d47450e04e858eaebed3687df43b723b0e5945b8302d8a59c76bbca439e8

Download Submit