8efd89ca1e028ef7a2ec4fa5de47a135df93b958eafdbfd2c5230863447c7a42

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 16:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fcacffd6741b46e52b66b64f409fb0cb_JaffaCakes118.exe
Size

96KB
MD5

fcacffd6741b46e52b66b64f409fb0cb
SHA1

fc00dacbfcf2803aae023f8a20ebc63418aea777
SHA256

8efd89ca1e028ef7a2ec4fa5de47a135df93b958eafdbfd2c5230863447c7a42
SHA512

6f275ee9d654dab7c826b1bc7ac3baa4c7ffb14dc27471113b3dd93542bd42bc8cfd490afcfcfea2475d3984af8aeda146462210d43ee541b4d48eee3ce78741
SSDEEP

1536:0xnSRHTllB7PG0Eg5DGruzUc2FnToIfXU7MlAyxJaV58h:0x0HTbv5aruzL2tTBfXFlAyxJXh

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1980	AAA.exe

Executes dropped EXE 1 IoCs

pid	Process
1980	AAA.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Explorer\AAA.exe	fcacffd6741b46e52b66b64f409fb0cb_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Explorer\AAA.exe	fcacffd6741b46e52b66b64f409fb0cb_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fcacffd6741b46e52b66b64f409fb0cb_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AAA.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1196	fcacffd6741b46e52b66b64f409fb0cb_JaffaCakes118.exe
1980	AAA.exe

C:\Users\Admin\AppData\Local\Temp\fcacffd6741b46e52b66b64f409fb0cb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fcacffd6741b46e52b66b64f409fb0cb_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Program Files\Microsoft Explorer\AAA.exe
"C:\Program Files\Microsoft Explorer\AAA.exe"
1⤵
- Deletes itself
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Explorer\AAA.exe

Filesize
96KB

MD5
a8ec1b9a38252c47bf9c38a4934b0fb6

SHA1
d2f07509468f69ba9d0294f664dac186aaf6e68f

SHA256
190c01e6e026678d7fec8ef9f659ce5e11d69d8154daf80562499553582072bf

SHA512
0506b9d477288724cb5455526cbe70db0cebcc82f01db47218463b58c5b13c72af4ac2dae5b630da4a2e61b66d2016a45211d9327685ebf4b950c4a0c1ea5888

Download Submit
C:\SystemTemp

Filesize
84B

MD5
8fbbac4845fecfff385b47236e319323

SHA1
d305357222953b1f574a64372ebe4c19d3bd4184

SHA256
67556233280b3007d0cdbd5683dee22d751241ce45d189dc8f898984461ceb3f

SHA512
2bf272685a3566be68de61ed67cece74f1c3d9924a1e3314e1e091f18a4b16224d81636945b347543874bbe7bbf2ca573254129aa80e1515d277ed3a5e370cfb

Download Submit