9bd61dd2a439bc71e46ba27ca5eaf3632f57a25435ca952306f2cc9fd515b715

Analysis

max time kernel
124s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
Size

8.5MB
MD5

16057ee8376b32da398a7269d36bdefd
SHA1

ca0c9ee1d06799455ea649fc53ed5fb6baa20376
SHA256

9bd61dd2a439bc71e46ba27ca5eaf3632f57a25435ca952306f2cc9fd515b715
SHA512

1b070edd9f5284dc224bab00e02926a6ae1030b149537a26e1b81e9b7d0299b090fdd7fe5e844efdce52d03bf77c485bd48c33351093dca8ffc692826f490871
SSDEEP

196608:Kc/9q6uADdoKSz6zCLvtGuAj0oIYLKXhd3BfV0PhxMuZMk:Kc/94GBg6zCLFGffIYg3BfVFi

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 12 IoCs

pid	Process
3476	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
3476	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
3476	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
3476	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
3476	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
3476	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
3476	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
3476	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
3476	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
3476	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
3476	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
3476	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\16057ee8376b32da398a7269d36bdefd_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4112,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:8
1⤵
PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsc57B1.tmp\System.dll

Filesize
9KB

MD5
2b6c7d88053edf95221d30bc048d9eeb

SHA1
dcbe6f5b35b2b9907d30ef97c930b92ce03fcf92

SHA256
be7c1ca64831febf729281b90c8920af84f26eaf3f17da1673e4a7cedc06c5e5

SHA512
99c12cda3a1e0eb082b39133d235dd6fa86551dde2b55eae692c340d575dd337746081a9e5eeb55ae6ac4f51c62b52685eb388899fd1e0fa85b0a54f5b4b9600

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc57B1.tmp\nsDialogs.dll

Filesize
8KB

MD5
6fff219b535e4c87a2cfe9dd4849d934

SHA1
2b1033c3be840ee3b2d849a9e7d4cf4a285c69c8

SHA256
8c7657b0db50767a11dc398cd391739754a0b75892040e1a8d0f88267ae29f32

SHA512
2968004208782f83379a800707c6b98b983a6c957a48110fee7dcad92c5f749edafd34642101cf797d8871888cbd58446c3769ef273f08e2375593cf9fe6c1e7

Download Submit