463548019958ed0f481a66a6e62f30dd93fb86efd0ceeff843a702be1cef87d1

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 05:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

048f10f23ba4f4d1d85307374a96de60_JaffaCakes118.exe
Size

304KB
MD5

048f10f23ba4f4d1d85307374a96de60
SHA1

f18014604b4fb9d3a3dc6b49528da0dd746fcaf0
SHA256

463548019958ed0f481a66a6e62f30dd93fb86efd0ceeff843a702be1cef87d1
SHA512

56babef91b11816007fb88c42f2479c7f162ade012b18512b866654cbff09c84b6081ff6b97e910464adeebb9880f9e26f2521522834da15658c2f3924dcf28a
SSDEEP

6144:prVO6Y0JQBkQRl7174NpNUM+UHs+s75jvfoln0hgUE5v1lC08JwWDa7:prVO63yRl1uqM+gs+WjvfA0uUyV8CW0

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
3164	048f10f23ba4f4d1d85307374a96de60_JaffaCakes118.exe
3164	048f10f23ba4f4d1d85307374a96de60_JaffaCakes118.exe
3164	048f10f23ba4f4d1d85307374a96de60_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	048f10f23ba4f4d1d85307374a96de60_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\048f10f23ba4f4d1d85307374a96de60_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\048f10f23ba4f4d1d85307374a96de60_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Tsu87AE2CAF.dll

Filesize
269KB

MD5
af7ce801c8471c5cd19b366333c153c4

SHA1
4267749d020a362edbd25434ad65f98b073581f1

SHA256
cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

SHA512
88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{13AE0309-7325-451B-A7F0-3B07C84D21FF}\Custom.dll

Filesize
63KB

MD5
74adda56d13e1ceee8cf7ac4380bf881

SHA1
89a4f7f9275189bb74d3eec4eab6d491b9ac887b

SHA256
ddba3675620e4f5487d024d885e2e5eabff3f07b39dc8b8186926d97220f895a

SHA512
12868a059dbb8c35ace92414e8ed86a767f0ac025d107b5a8edd6bf447ed4afef729c820253f945af731fa40c5b0f2759747a4d04bdbde0bfbf0ef837b8074f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{13AE0309-7325-451B-A7F0-3B07C84D21FF}\_Setup.dll

Filesize
163KB

MD5
b12842534671b5ef3164db25f413b07c

SHA1
8ac74501161d2ac66841a46afcaedadb833ccb34

SHA256
ee0d62a3cc1389663e0a311456fc8e9857fd582650fcb5292021391f2359f1ef

SHA512
54995ceff98e32251163ad76ee9a89b8edc0bd7f51215e2bd8b64c41dd206dea6d7f834b81601241e7e16ba92ce7efb98c84de4d3981312cc04af4ccf8fc4085

Download Submit