c8d5199b5c83afb8071db7b1da4610ac81b643d0bb760065fafe5142906fb086

Analysis

max time kernel
141s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 07:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
Size

1.0MB
MD5

ead27f0ac338e950898874e1705c08ca
SHA1

d2f2e7f09d264150a4dccc5ec681a2d345d3dff9
SHA256

c8d5199b5c83afb8071db7b1da4610ac81b643d0bb760065fafe5142906fb086
SHA512

c9a8ed3f9833c6fca7df1b28db99891725e21f11bd690d781f8709dc6dd67fec1d74e408638ebaffbb17c477b3bcb97bfe9fa636bcb0005f9032e812d337cf1c
SSDEEP

24576:fJT/meBXuuMR4YjBxl6r8WcxAo5Xm8d4JRCgdBFBwFBJ8nBndeSa:fLzMyA/l6xs4JxdnBYCBndeSa

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
3944	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
3944	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
3944	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
3944	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3944	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
3944	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
3944	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\.#\MBX@F68@23B18E8.###

Filesize
2KB

MD5
8218b5187dee9cc4a8251115c1883539

SHA1
bf4d8d4d485981d11d81fe802c0a1d59e8819bf3

SHA256
85a75387476737e29682dfa67952141234d31ce62601fd7af3e02065c4f92cf9

SHA512
8a0aaa77e65fb5479519742d20b83fd3c42a58bda9c3ca68358894f4ed3a91c1950735e95881bafd5e91144a6cc1fc4bac5afb37b09afdf12ad40c5edd882ff6

Download Submit
C:\Users\Admin\AppData\Local\.#\MBX@F68@23B18F8.###

Filesize
2KB

MD5
e578fe36e8416a3699815c94fea1c057

SHA1
e2d496c3ce04f2259c16ed71720fb70c661dba7e

SHA256
f666e358a136eaaee3ef9bd7d824aaf7fcfe229dbcba0e7b97c0eff5d3905da3

SHA512
48766617b20bf7c89d5b9dcd28249234735376004dcd2d7f0afa1c09e7eab2e3994471e51e81e6703fc3ae0489eaf103681f197d790542dbcc4243cbe925f9b4

Download Submit
C:\Users\Admin\AppData\Local\.#\MBX@F68@23B1918.###

Filesize
2KB

MD5
30f827c8ef74815a87449752997067df

SHA1
aee64b568cba93b4b92d7079eb7fe3a36d3d8d1e

SHA256
511a54f3f3061adc3835713fa60804e9ce7dae458b719c645aaa87423b7b82e1

SHA512
d1f7eefd9ec9c543f09692e9b2bf2557a0cdc9c6e4005c48be8a8534f0ca916f219353a117c7892ce2fc97422ea3f9097d3b55137f85634901410defe41d87dc

Download Submit
memory/3944-23-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3944-20-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3944-6-0x000000007C250000-0x000000007C353000-memory.dmp

Filesize
1.0MB

Download
memory/3944-17-0x000000007C250000-0x000000007C353000-memory.dmp

Filesize
1.0MB

Download
memory/3944-19-0x000000007C250000-0x000000007C353000-memory.dmp

Filesize
1.0MB

Download
memory/3944-16-0x00000000021D0000-0x0000000002227000-memory.dmp

Filesize
348KB

Download
memory/3944-22-0x000000000044E000-0x000000000044F000-memory.dmp

Filesize
4KB

Download
memory/3944-0-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3944-21-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3944-18-0x000000007C250000-0x000000007C353000-memory.dmp

Filesize
1.0MB

Download
memory/3944-15-0x00000000021D0000-0x0000000002227000-memory.dmp

Filesize
348KB

Download
memory/3944-14-0x00000000021D0000-0x0000000002227000-memory.dmp

Filesize
348KB

Download
memory/3944-13-0x00000000021D0000-0x0000000002227000-memory.dmp

Filesize
348KB

Download
memory/3944-1-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3944-28-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/3944-29-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/3944-30-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/3944-34-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/3944-33-0x00000000021D0000-0x0000000002227000-memory.dmp

Filesize
348KB

Download
memory/3944-32-0x000000007C250000-0x000000007C353000-memory.dmp

Filesize
1.0MB

Download