90f6d946c84c797096cbea4da6dcd9aae511f7fc28ea4ddf17b05979d459f786

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 18:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f067984c81910f445eb50c36acb30418_JaffaCakes118.exe
Size

191KB
MD5

f067984c81910f445eb50c36acb30418
SHA1

ab2a089842f7a972771636af65a0cfada87efea3
SHA256

90f6d946c84c797096cbea4da6dcd9aae511f7fc28ea4ddf17b05979d459f786
SHA512

21f90efc03c7a220452de115b5fc0f8b5592e6a7052cfe5e20a784dd3270a4fd3317888b342db7558d90d178292647e2c198999e6a8a5d749d4b26d557762a3b
SSDEEP

3072:Nt/MrtxFJ3Z+J7GsfImTyrhdO+7AcmT+EJtOcl19ocvjJD61rwdCFJ60Qksurw6C:jGtz+J7FImTshdO+3mTBOsNvGJpfm2EN

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2596-1-0x0000000000400000-0x00000000004B0000-memory.dmp	upx
behavioral2/memory/2596-2-0x0000000000400000-0x00000000004B0000-memory.dmp	upx
behavioral2/memory/2596-3-0x0000000000400000-0x00000000004B0000-memory.dmp	upx
behavioral2/memory/2596-4-0x0000000000400000-0x00000000004B0000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f067984c81910f445eb50c36acb30418_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f067984c81910f445eb50c36acb30418_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f067984c81910f445eb50c36acb30418_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2596-0-0x000000000047F000-0x00000000004AD000-memory.dmp

Filesize
184KB

Download
memory/2596-1-0x0000000000400000-0x00000000004B0000-memory.dmp

Filesize
704KB

Download
memory/2596-2-0x0000000000400000-0x00000000004B0000-memory.dmp

Filesize
704KB

Download
memory/2596-3-0x0000000000400000-0x00000000004B0000-memory.dmp

Filesize
704KB

Download
memory/2596-4-0x0000000000400000-0x00000000004B0000-memory.dmp

Filesize
704KB

Download
memory/2596-5-0x000000000047F000-0x00000000004AD000-memory.dmp

Filesize
184KB

Download