ecaf21ff4bee4c94c773f66db59a7db34e687e94fdfafba38d2bb588a41a3e62

Analysis

max time kernel
18s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04c638728500bec87b228033f80d4435_JaffaCakes118.exe
Size

86KB
MD5

04c638728500bec87b228033f80d4435
SHA1

7d5bcc962519337ae1f2ad70092706d4c7595560
SHA256

ecaf21ff4bee4c94c773f66db59a7db34e687e94fdfafba38d2bb588a41a3e62
SHA512

1e69f6b215832d4766d4f2503f8ae4c678346a47ba7772a453dce21c9c6b0c6c8e89816618f62bdbcae22bd68c48ac6ba216f4414e90155cfe380a7b34c78a08
SSDEEP

1536:larO2R3XZVPlF31n1TClFvLLcAGJn+yRJCPDzhagZXZl48:lV2BZVPlFlnxClFvLLcA+sPDzhaghZW8

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 19 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win32dc\UT2004 + nocd.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\FlatOut cheat.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\FlatOut(nocd).exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\DAoC_cheat.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\DAoC_crack.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File created	C:\Windows\win32dc\UT2004 + trainer.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\UT2004 + trainer.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File created	C:\Windows\win32dc\Sims 2 + codes.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Sims 2 + codes.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File created	C:\Windows\win32dc\DAoC(serial).exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Quake3_nocd.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File created	C:\Windows\win32dc\FlatOut(nocd).exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File created	C:\Windows\win32dc\FlatOut cheat.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File created	C:\Windows\win32dc\DAoC_cheat.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File created	C:\Windows\win32dc\DAoC_crack.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File created	C:\Windows\win32dc\UT2004 + nocd.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File created	C:\Windows\win32dc\Doom 3 + patch.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\DAoC(serial).exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe
File created	C:\Windows\win32dc\Quake3_nocd.exe	04c638728500bec87b228033f80d4435_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	04c638728500bec87b228033f80d4435_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\04c638728500bec87b228033f80d4435_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04c638728500bec87b228033f80d4435_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win32dc\UT2004 + nocd.exe

Filesize
89KB

MD5
fa64b0c4cc70bf0d9457d956c9ed8a85

SHA1
e4fe0043d52dfaa2a2f90f01e9a689bc5dec1852

SHA256
2f4829e15c61cb615e39a9963da0143b560f8e1f0abac3d8a01ef4fb885593fe

SHA512
da1f2c574f9879b7e8db35811cf348fb7ed32977789fa32a4b83b5d2750502ba89a36cecf55e673cf9aeccffdd0f92797624aac7e98b65640d7d516227dedada

Download Submit
memory/868-19-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download