4aa784465b856422c2e6a0249cddec07046cd65d3d384dabe823101fcb48b666

Analysis

max time kernel
141s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

feab30f126a452c3b64dda29afd89a26_JaffaCakes118.exe
Size

2.7MB
MD5

feab30f126a452c3b64dda29afd89a26
SHA1

7c7dd3c2998a96b0e1094869ba7a89fcccc7c56b
SHA256

4aa784465b856422c2e6a0249cddec07046cd65d3d384dabe823101fcb48b666
SHA512

0c9549faecb18792b231ecffc1580e02daedb054d1d454e7192c16f2d8c393442d9db1f20ffad1b18fea4de96d5bfd05733c0f6d6ba3c76bb5fc7087be853a33
SSDEEP

49152:MOn2No699iMwQvCYeUBO44RsxskmxJVAfetdZWYw7a6h2Eelx8ezpMnpJ:YNogiMw6CeBisxsSMWYwz2XlSVnn

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4988	6bfd576ed7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6bfd576ed7.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4988	6bfd576ed7.exe
Token: SeLoadDriverPrivilege	4988	6bfd576ed7.exe

C:\Users\Admin\AppData\Local\Temp\feab30f126a452c3b64dda29afd89a26_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\feab30f126a452c3b64dda29afd89a26_JaffaCakes118.exe"
1⤵
PID:1656

C:\ProgramData\21de604f89\6bfd576ed7.exe
C:\ProgramData\21de604f89\6bfd576ed7.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\21de604f89\6bfd576ed7.exe

Filesize
2.1MB

MD5
550095d13e1a9989c08cd03a06c7916e

SHA1
b4836cd5c9d8d4b580d94e1d7fc33865edc39a8a

SHA256
76c9fbeb416672b9f81b08aa5dc57ac035102364a1800de256fbf8f721dd0f1e

SHA512
77789e33cc3736a81eec3373c505edc83b5c5da1037a9921990148f01550de24dac5b96fb6a7537b83c7d38444af93ee08158f1a95c8c2f3dfe2a1d5cb9ba735

Download Submit
memory/1656-1-0x0000000000030000-0x0000000000035000-memory.dmp

Filesize
20KB

Download
memory/1656-0-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/1656-3-0x0000000000E60000-0x0000000001117000-memory.dmp

Filesize
2.7MB

Download
memory/1656-2-0x0000000000E60000-0x0000000001117000-memory.dmp

Filesize
2.7MB

Download
memory/1656-16-0x0000000000400000-0x00000000006BF000-memory.dmp

Filesize
2.7MB

Download
memory/1656-18-0x0000000000030000-0x0000000000035000-memory.dmp

Filesize
20KB

Download
memory/1656-19-0x0000000000E60000-0x0000000001117000-memory.dmp

Filesize
2.7MB

Download
memory/4988-10-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/4988-11-0x0000000000A30000-0x0000000000A31000-memory.dmp

Filesize
4KB

Download
memory/4988-9-0x0000000000E40000-0x0000000001052000-memory.dmp

Filesize
2.1MB

Download
memory/4988-20-0x0000000000A30000-0x0000000000A31000-memory.dmp

Filesize
4KB

Download
memory/4988-8-0x0000000000E40000-0x0000000001052000-memory.dmp

Filesize
2.1MB

Download
memory/4988-6-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/4988-7-0x0000000000030000-0x0000000000035000-memory.dmp

Filesize
20KB

Download
memory/4988-17-0x0000000010000000-0x0000000010142000-memory.dmp

Filesize
1.3MB

Download
memory/4988-32-0x0000000010000000-0x0000000010142000-memory.dmp

Filesize
1.3MB

Download
memory/4988-42-0x0000000000030000-0x0000000000035000-memory.dmp

Filesize
20KB

Download
memory/4988-44-0x0000000000E40000-0x0000000001052000-memory.dmp

Filesize
2.1MB

Download
memory/4988-43-0x0000000000400000-0x0000000000618000-memory.dmp

Filesize
2.1MB

Download