b0f765f96d90c133625cc70744a4d52f96b6f366a8d3cc4b016434ff5c0bb9e8

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 06:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
Size

943KB
MD5

38d241e9d07e82cd8ecf8660e497fce1
SHA1

d4f6bdd677f00daf47f39222ccac9eb3ed6da7da
SHA256

b0f765f96d90c133625cc70744a4d52f96b6f366a8d3cc4b016434ff5c0bb9e8
SHA512

6ab126cd69cba911a8c954bd7471dbc4286c240a2b387e33a35cd60acdddb4a6956d077b4e5020695bf2eb0c4737fbd336b68ebfdb9a805f8a728fd556497130
SSDEEP

24576:B8WGWqc1rHsDjopXy5GxWVFYd5xjoAL+3Lx2buoO10qAnpimRkvvOZuv:BZCD+Xy5GYTil/S3LxCud1ApicC

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
2028	38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\38d241e9d07e82cd8ecf8660e497fce1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\E_4\eDB.fne

Filesize
224KB

MD5
b9e8086cdfbe4cc37888811e28228255

SHA1
19afc7f0a8c117d969f2060e600823034d3103a4

SHA256
0c1fe6e48d60bbc818275a78c7d27551bfbb9b2309c87f5627871d7eeaec29ff

SHA512
f3eb1ff6804edbf0c031451bcd6a568adefa74df28727f00d5137d4cef5ecfd5f9abd72083dfc02637518fc1f6cefbe0722c5f68b469d2d13b2c1f7a30f4f7d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\iext.fnr

Filesize
212KB

MD5
8fc38a56bab9cfe08b48eb6ee3fa997c

SHA1
88b2758f71aa83bca2bc3b1dc791a56372fd9d57

SHA256
10d85bdc14fa7c06f555858d920d0e0b9becf8fde7cc9df315bd130add2dad86

SHA512
319ab901c294577196f69f9890859280bcc744d69731fe2b909d9178eef798dc4d2bba74b6d2e5f397226dc7b7e691bdaf7e7e200a4ee4a9319b497b3166b320

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\iext2.fne

Filesize
264KB

MD5
a0f2afb002df9b80799fefc1c0d410e1

SHA1
d603af347c499b0962aba4db77fc6bbc4a64d098

SHA256
57557d9b569013a9506c6f3f0411ff0e07c497dd08e7e7551fbae9393355d2a0

SHA512
20ddcf0e52f01957983cce5c588f14a28f73f0df3ab43d774adbb69b01b52abbd7549f3bd7870c853eb4203cd0bee3230b691e61939a736f90750a1a3ca26e5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
1.1MB

MD5
0cbcaa313cd1a27e367384a50330f2a6

SHA1
e313b6476747c867ee9e39644ce4949d61ea7d34

SHA256
4f79fadea2dbbfb3bdb45fcbc40301db13376cde463a16c7c684a24c49da648f

SHA512
280429c34b24e878ea51efae905f3fecc1b61ee013c8240225e0d9222e641a165f3414216f613ede81ff3fb21b43e51a19c2d878e6f53be665eab04e5641a23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\xplib.fne

Filesize
76KB

MD5
3148ebcb00bc51a7b0a769aa7ba69554

SHA1
81a677d7ef7ceaad6be802d5ee0e4bb7bcb58ee3

SHA256
6653aa232f4a7eace25c636cb591fea24e0f02234fb9e7460530e57ce9d54429

SHA512
efcbd04c173ba45f300ab17e9784df49caf7e6779ce8fe5b70deb67555d471e3be25eb9b85ea75fff15c612e3feef9a3d715f153bd4aae406fa95d8756181265

Download Submit
memory/2028-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2028-12-0x0000000002490000-0x00000000024CC000-memory.dmp

Filesize
240KB

Download
memory/2028-19-0x0000000002510000-0x0000000002562000-memory.dmp

Filesize
328KB

Download
memory/2028-26-0x00000000025E0000-0x0000000002623000-memory.dmp

Filesize
268KB

Download
memory/2028-33-0x0000000002650000-0x0000000002663000-memory.dmp

Filesize
76KB

Download
memory/2028-36-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download