c2fdd8b56fbfc0d85183672c65664d027b046421961c3f1c27a8c8e9dc69d2cf

Analysis

max time kernel
19s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1283654001e371c876825eee2d561be8_JaffaCakes118.exe
Size

84KB
MD5

1283654001e371c876825eee2d561be8
SHA1

c2a612e8416fd84970b8281d3844b0f9806b6570
SHA256

c2fdd8b56fbfc0d85183672c65664d027b046421961c3f1c27a8c8e9dc69d2cf
SHA512

4b3a81da5f45eee2a01239f05be6d72b0d02de89c5f228c229c813ab6031c66f010a8dee37edb2a65a1effc58fdce31abfb5fd5f8e27cf2326aed8d977c54f59
SSDEEP

1536:larO2R3XZVPlF31n1TClFvLLcAGJn+yRJCPDzrTn/S+zDr:lV2BZVPlFlnxClFvLLcA+sPDzPn/L

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 18 IoCs

description	ioc	Process
File created	C:\Windows\win32dc\DAoC + patch.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\FlatOut + nocd.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File created	C:\Windows\win32dc\Sims 2(crack).exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Silent Hill 4 + serial.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File created	C:\Windows\win32dc\Half-Life 2_nocd.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Counter-Strike_cdfix.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Sims 2(serial).exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File created	C:\Windows\win32dc\Doom 3 + cheat.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2_nocd.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File created	C:\Windows\win32dc\Counter-Strike_cdfix.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File created	C:\Windows\win32dc\Sims 2(serial).exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Sims 2(crack).exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\Doom 3 + cheat.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File created	C:\Windows\win32dc\FlatOut_serial.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File opened for modification	C:\Windows\win32dc\DAoC + patch.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File created	C:\Windows\win32dc\Silent Hill 4 + serial.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File created	C:\Windows\win32dc\FlatOut + nocd.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe
File created	C:\Windows\win32dc\Sims 2 + cdfix.exe	1283654001e371c876825eee2d561be8_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1283654001e371c876825eee2d561be8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1283654001e371c876825eee2d561be8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1283654001e371c876825eee2d561be8_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win32dc\Half-Life 2_nocd.exe

Filesize
87KB

MD5
b0bfabdefc85027f9bc447aca7af4fc4

SHA1
9195b05cbf9a1f95e2637f4772bca50428f107c5

SHA256
06c6646be8671bdcab21d374d32941ac4b0280b1d0b4f3c9c985e29f005dfa56

SHA512
383fd8e4a6c24c00da84ad26f00729f4d998436361d7103a5565193db79d6328f5d0d2ef81ffd92da3dda181cff7960d90a00925368e12981e6e54f011aebc6a

Download Submit
memory/4760-18-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download