c4bafdcf1f2f9593812c96e27591a3c988eabd1ec9d45337c394de86aafdaf71

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

171f66ba3c071dbe1126d5f5fc3b6013_JaffaCakes118.exe
Size

3.2MB
MD5

171f66ba3c071dbe1126d5f5fc3b6013
SHA1

afb5ff236c336566d6750fbd7f3c9e7150ce1675
SHA256

c4bafdcf1f2f9593812c96e27591a3c988eabd1ec9d45337c394de86aafdaf71
SHA512

9b61131a404526e9591e2bf5104bc862e902aef65fea974781a6c0c202bf2ef9b903685a8688ef5eab8e1c1f42caf6fd56c160a7c5a2c48c685b01ff2b411a0b
SSDEEP

49152:VVAzmH9S9Q2T5Xnt1fOzs+t0eoAixHz7XbGhx6ASn1u/ODPSO34xH4SQnK6z9:a9fnt1Yz0GilzfU69c/KSOIxYSQd9

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1948	171f66ba3c071dbe1126d5f5fc3b6013_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	171f66ba3c071dbe1126d5f5fc3b6013_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\171f66ba3c071dbe1126d5f5fc3b6013_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\171f66ba3c071dbe1126d5f5fc3b6013_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4396,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8
1⤵
PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nss4B10.tmp\InstallOptions.dll

Filesize
14KB

MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781

SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4B10.tmp\ioSpecial.ini

Filesize
682B

MD5
43e968094d77b7ab25dff6ea524b1e6e

SHA1
015e3e6852f9b0def05daae9412a96c7b0523e63

SHA256
5c68803c43f46d8b9e83c2d6879e930f0407a8076c603d9a0a8eee6bd8285805

SHA512
1f28a02c163fe70073839894d68cc4f079fb78df9a259fbe1a568004886bb8b177d46681e810870d277209c11b7f067fe3476f14c5c595dcaa629d1519153cbb

Download Submit