95dc3cc659a45ee19b6aa2d5061ecd0e341e96bd3228087118960bd91e10e59a

Analysis

max time kernel
95s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 08:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eaebc2ccc98d91b722f5dd5bbb6f3711_JaffaCakes118.exe
Size

380KB
MD5

eaebc2ccc98d91b722f5dd5bbb6f3711
SHA1

83c037e8483977ea0112ebc2316f253232947c35
SHA256

95dc3cc659a45ee19b6aa2d5061ecd0e341e96bd3228087118960bd91e10e59a
SHA512

3e9f5a54c0400ac82966ea675d280450fdad8a6e21aac20c8ac7f921924d65cb6c88ccf47cf254223e54f4901587f097567e329af5c1a70a2d0eb7bb48907546
SSDEEP

3072:VMKlWdec3u+4dlGNTal165H//bgK+9F+AJaTGi3FENeECXCj2B:VCWdlGNGXGfTs9kAJS3umX

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2460	1736	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eaebc2ccc98d91b722f5dd5bbb6f3711_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1736	eaebc2ccc98d91b722f5dd5bbb6f3711_JaffaCakes118.exe
1736	eaebc2ccc98d91b722f5dd5bbb6f3711_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1736	eaebc2ccc98d91b722f5dd5bbb6f3711_JaffaCakes118.exe
1736	eaebc2ccc98d91b722f5dd5bbb6f3711_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1736	eaebc2ccc98d91b722f5dd5bbb6f3711_JaffaCakes118.exe
1736	eaebc2ccc98d91b722f5dd5bbb6f3711_JaffaCakes118.exe
1736	eaebc2ccc98d91b722f5dd5bbb6f3711_JaffaCakes118.exe
1736	eaebc2ccc98d91b722f5dd5bbb6f3711_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\eaebc2ccc98d91b722f5dd5bbb6f3711_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eaebc2ccc98d91b722f5dd5bbb6f3711_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 2748
  2⤵
  - Program crash
  PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1736 -ip 1736
1⤵
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ancamera.ini

Filesize
59B

MD5
616cbf80b94152df0b536e1b5131c751

SHA1
13219c4bb2abdfb0f1f381fdb9ea9ebda07c15c5

SHA256
74db8db3368aca159aa71dc71a3ed0aad678d6b4b4eb086d83b1ec20f5bcc023

SHA512
7c1c93d00bf8fe4caa660093ee05579bcf7709e59b7ac3d051e7fd1c61735a14fb2fbac0715764ae82137642e02f5b2e0771fb91cb48cd5b5f145ed0af055ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ancamera.ini

Filesize
57B

MD5
2c67ac6a329be0f0b867ccd188e6dd8e

SHA1
1b7a58a088795049abbaffca8a37e74eb1f940d5

SHA256
c66ff43f2c034b1d3df7c4a9959880a97a2d8526cbee23e8f980668a39945664

SHA512
a73280fb4bc71a60cf37faf913c50c7f083dd7b21151c94ddaf8754ed48f9cfb737787e3a7c525ec70b87878ff76a4b13fc90b3d9c2dcbd0f8ec20d7022337bd

Download Submit