d8a22c3fe0447543294d37b4aa87956e8447458f5b639fe33e7efbc1d1a0f0e6

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 22:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
Size

83KB
MD5

0cc35d07a715a9709b21dfec93cbd809
SHA1

2e3c1f4b91750023897868d7e0f4f89a19cbe435
SHA256

d8a22c3fe0447543294d37b4aa87956e8447458f5b639fe33e7efbc1d1a0f0e6
SHA512

b1fb378dbf3dfae1659093109c58b98b7fdab6f02498c1562780706d900f05f11619d370dc2a69345fadf8a2bab422fec38b76c7cf50be7fcca70f1d6ab869e5
SSDEEP

1536:larO2R3XZVPlF31n1TClFvLLcAGJn+yRJCPDz7teVI:lV2BZVPlFlnxClFvLLcA+sPDz7t2I

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 19 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win32dc\UT2004 + patch.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File created	C:\Windows\win32dc\BattleField 1942(fix).exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File created	C:\Windows\win32dc\BattleField 1942(serial).exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File created	C:\Windows\win32dc\Half-Life 2(nocd).exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File created	C:\Windows\win32dc\UT2004_hack.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\UT2004_hack.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File created	C:\Windows\win32dc\UT2004 + patch.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File created	C:\Windows\win32dc\FlatOut + trainer.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File opened for modification	C:\Windows\KSofAyKfEK.com	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\BattleField 1942(serial).exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2(nocd).exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Doom 3 + crack.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\DAoC + cdfix.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File created	C:\Windows\win32dc\UT2004 hack.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\UT2004 hack.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\FlatOut + trainer.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File created	C:\Windows\win32dc\Doom 3 + crack.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File created	C:\Windows\win32dc\DAoC + cdfix.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
File created	C:\Windows\win32dc\Silent Hill 4_cdfix.exe	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0cc35d07a715a9709b21dfec93cbd809_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win32dc\FlatOut + trainer.exe

Filesize
84KB

MD5
9ac942b4a146522db4dbe49528526897

SHA1
cefa87f13d71df6658408977b36818708cd3a4d9

SHA256
24d7d75449d4c9946a4570c508eee89072ac069c9aa62f7ad3e8bac382b4ec7c

SHA512
249af47221f48a16f9d395ee89c40fc9bc65f33d58e4ebc6e6f5182002cc1f0795799ebc280c4f2683dc431560abd4b751912efc3670600899707fd3414a4859

Download Submit
memory/4888-17-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download