81d3b2a5f1b6afa3a048660c1ccbd0dbd0119e32174f38c94658a612c254db80

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe
Size

404KB
MD5

29cdec3b30f291ae0c36c5868e758889
SHA1

438fea411a42a543e8c0ef423b07c6704daa5278
SHA256

81d3b2a5f1b6afa3a048660c1ccbd0dbd0119e32174f38c94658a612c254db80
SHA512

91eede49196fbeb0f1cc665401b14820be0e80e15aa4c577b54d99195596fec8808f85dedd7872f1b7033bff87ee757df65a7c2c63508683ba70b56ef385854b
SSDEEP

12288:qmfD229SUfK/lGRgOUqmq9kR6lhKXWB3a9FsqJKB57d8ff:qU22cMK/cRgOnmq9g63B36rKX6H

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3496 set thread context of 2740	3496	29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe	83

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3496	29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3496 wrote to memory of 2740	3496	29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe	83
PID 3496 wrote to memory of 2740	3496	29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe	83
PID 3496 wrote to memory of 2740	3496	29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe	83
PID 3496 wrote to memory of 2740	3496	29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe	83
PID 3496 wrote to memory of 2740	3496	29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe	83
PID 3496 wrote to memory of 2740	3496	29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe	83
PID 3496 wrote to memory of 2740	3496	29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Users\Admin\AppData\Local\Temp\29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\29cdec3b30f291ae0c36c5868e758889_JaffaCakes118.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2740-17-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2740-25-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2740-21-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2740-20-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2740-19-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/3496-9-0x0000000003B40000-0x0000000003B41000-memory.dmp

Filesize
4KB

Download
memory/3496-15-0x0000000003BA0000-0x0000000003BA1000-memory.dmp

Filesize
4KB

Download
memory/3496-7-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/3496-6-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/3496-5-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/3496-4-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/3496-3-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/3496-2-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/3496-16-0x0000000003B90000-0x0000000003B91000-memory.dmp

Filesize
4KB

Download
memory/3496-8-0x0000000003B50000-0x0000000003B51000-memory.dmp

Filesize
4KB

Download
memory/3496-0-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/3496-10-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/3496-11-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/3496-12-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/3496-24-0x00000000022D0000-0x0000000002330000-memory.dmp

Filesize
384KB

Download
memory/3496-23-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/3496-1-0x00000000022D0000-0x0000000002330000-memory.dmp

Filesize
384KB

Download