6350442382b13f95bf179a7156260f0151c16f430280098d936cdbdcece2c899

Analysis

max time kernel
22s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
Size

82KB
MD5

fdf73e8dbea55be50b5900b98b29d1fa
SHA1

6790ba26343163f858c7e2b488e354e66487fcc7
SHA256

6350442382b13f95bf179a7156260f0151c16f430280098d936cdbdcece2c899
SHA512

0015e76657937b9b0822fe728e8162c265857f4d1f781b76b519795bbb3a4e297de9e8f8ffad5f64681c585435a6890563bef16e145f66010cab104645b4758d
SSDEEP

1536:larO2R3XZVPlF31n1TClFvLLcAGJn+yRJCPDzvCqFl5OphfUFJ:lV2BZVPlFlnxClFvLLcA+sPDz/FrOjf0

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 14 IoCs

description	ioc	Process
File created	C:\Windows\win32dc\DAoC nocd.exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File created	C:\Windows\win32dc\Sims 2 + cheat.exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\DAoC nocd.exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File created	C:\Windows\win32dc\Half-Life 2 + hack.exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2 + hack.exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File created	C:\Windows\win32dc\Counter-Strike codes.exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File created	C:\Windows\win32dc\Counter-Strike cheat.exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Counter-Strike cheat.exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Counter-Strike codes.exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File created	C:\Windows\win32dc\Half-Life 2(cdfix).exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File created	C:\Windows\win32dc\UT2004(serial).exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\UT2004(serial).exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File created	C:\Windows\win32dc\Silent Hill 4_nocd.exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
File created	C:\Windows\win32dc\Counter-Strike_trainer.exe	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fdf73e8dbea55be50b5900b98b29d1fa_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win32dc\Half-Life 2 + hack.exe

Filesize
82KB

MD5
5be7bfe09d17b12a9b2158fa08e79888

SHA1
35e977cc6599e5a75c9af9a67e90c718389ac8ba

SHA256
a94524a29775116f38d30d54e1edf8289053368d0cb37edd7bcaee017ee842d8

SHA512
4560382e5153f3216d6381f74dea9f5ff824d82815cabb4b8e76338274cc907f861c39786218f04b4dacccfe81b5a759d4e94f546ce3232650afd0eb7d94a9db

Download Submit
memory/2568-15-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download