678ce97ba2389d80a1a795f6b86b3de412bc9200cf7fe454c806bc5c0582b2cf

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

038dc81ea8a6c5ae222feac69b36f5c8_JaffaCakes118.exe
Size

1.0MB
MD5

038dc81ea8a6c5ae222feac69b36f5c8
SHA1

424d7f307be90470834ce2e341847578413d9fb4
SHA256

678ce97ba2389d80a1a795f6b86b3de412bc9200cf7fe454c806bc5c0582b2cf
SHA512

9d50735d467c0c9a3228a7a8395ccc2b704e5557296f4ef968248883cd582fb0d7996376f32b02b138f9303f7b9acc01cfb846043e11e55f669eabf033b8760a
SSDEEP

24576:lrvRVBC53QxA1ev3kLtJka+8+0NVIxhEa8p2pIsoPg6cB:lrv3AqA1ev0BJkal+0NV2GXPg6O

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4816	038dc81ea8a6c5ae222feac69b36f5c8_JaffaCakes118.exe
4816	038dc81ea8a6c5ae222feac69b36f5c8_JaffaCakes118.exe
4816	038dc81ea8a6c5ae222feac69b36f5c8_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	038dc81ea8a6c5ae222feac69b36f5c8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\038dc81ea8a6c5ae222feac69b36f5c8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\038dc81ea8a6c5ae222feac69b36f5c8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsz91F1.tmp\System.dll

Filesize
10KB

MD5
4fbb4a2cd711fc1fe84f3dc30c491dc9

SHA1
888e01ae6e64e7326f88df9a30587f699eab154a

SHA256
c3b05f4faf5e8903d5b4cb4a8ce4bbf2e8144725b98d8787d51c117b6efa9bc2

SHA512
92dcf99672a5935065df6492e27abb653679f1db6dcddfde87cd14260c94a870327826b23cc2f338381b3eb53d07c1a3867806f6ff94533db5195b895a856847

Download Submit