704125e6f1e6af4404e67508fa6ede727f457f8083bbe960fd0248cc6673c3ac

Analysis

max time kernel
91s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0be92678192ce14fd6e955862a38f79f_JaffaCakes118.exe
Size

5.1MB
MD5

0be92678192ce14fd6e955862a38f79f
SHA1

5fa6f3daf422c13bda8ec1201bfa6be78703565f
SHA256

704125e6f1e6af4404e67508fa6ede727f457f8083bbe960fd0248cc6673c3ac
SHA512

9a90402b662a21ba11bf8ee20b6db08fcaa59a906ac9c0d8fc76c4b94fd8a2c107d677b1aa8ccb3a72b2a7dbdf20f54e1ed8a9ded0faaffb4db5d1a1c7b51020
SSDEEP

98304:K2KoM0JzE74N9inbyO7+nJR57k6fniijfYqHaxkC7aRIW:KIP1E74Cb/+l7k6fniibMxy

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1476	0be92678192ce14fd6e955862a38f79f_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0be92678192ce14fd6e955862a38f79f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0be92678192ce14fd6e955862a38f79f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0be92678192ce14fd6e955862a38f79f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsjAAF6.tmp\InstallOptions.dll

Filesize
15KB

MD5
67d8f4d5acdb722e9cb7a99570b3ded1

SHA1
f4a729ba77332325ea4dbdeea98b579f501fd26f

SHA256
fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7

SHA512
03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjAAF6.tmp\ioSpecial.ini

Filesize
1KB

MD5
f3d1ecac1c4cd288d47fb70240c8bb35

SHA1
304156ed03e83548d663fb5ffccff53b2acff719

SHA256
6a444e540c6688b87640f3250ef0e20413d1317a1ff9c788466f4e0eb17a0075

SHA512
f70dd35d280c7a8841f1c1236417125e3082510a186fce9a8ed47a1b04816e56a89f404e16561db250f07a9c89945504d51a2dd6ec35d8d1a3a9bbfe5a201e78

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjAAF6.tmp\ioSpecial.ini

Filesize
1KB

MD5
f275ff80020df79b01a9daa9eb6f9fb5

SHA1
6f89e62de8a1d45759ce336ffed26e3fbb5701e6

SHA256
be1555f6b1db4035939e3364ddd1e5b9e9e230d17d9291f7af22a73c89d86e0d

SHA512
b0da4a0b158a887e357660c41d48528afb17aca69501cd6ec440bdc77d0b0805a6dc9427691c3c538069becc0a101cffb82765b75e74e3d4d8d08482969842b8

Download Submit