742bb14c9c2708bd926d711bc358891809c18375cee4b85b36e1dce1ea8a56f8

Analysis

max time kernel
93s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38fd6ed0fd293e7ed0e622c2ca0b3257_JaffaCakes118.exe
Size

68KB
MD5

38fd6ed0fd293e7ed0e622c2ca0b3257
SHA1

348342093f27c00efa0e78edabbd7602a815d2de
SHA256

742bb14c9c2708bd926d711bc358891809c18375cee4b85b36e1dce1ea8a56f8
SHA512

5f4092d15fe7c0b59b86029cb99e0b1c96e4937fb54734ad88ff79973b8f90b7173a5b14ee880510b56d902329278bde6de413c12fb5d5ab9c9b91fd1f05387e
SSDEEP

1536:GfSsBmedwaSxFLFM2q7dFM/crJuLGARev4b53tcjWaVa9:qSRCwaG1Ys0rUqA0AltcjWaVa9

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts.txt	38fd6ed0fd293e7ed0e622c2ca0b3257_JaffaCakes118.exe
File created	C:\Windows\System32\drivers\etc\__tmp_rar_sfx_access_check_240607078	38fd6ed0fd293e7ed0e622c2ca0b3257_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	38fd6ed0fd293e7ed0e622c2ca0b3257_JaffaCakes118.exe
File created	C:\Windows\System32\drivers\etc\hosts	38fd6ed0fd293e7ed0e622c2ca0b3257_JaffaCakes118.exe
File created	C:\Windows\System32\drivers\etc\hosts.txt	38fd6ed0fd293e7ed0e622c2ca0b3257_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	38fd6ed0fd293e7ed0e622c2ca0b3257_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\38fd6ed0fd293e7ed0e622c2ca0b3257_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\38fd6ed0fd293e7ed0e622c2ca0b3257_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- System Location Discovery: System Language Discovery
PID:4336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\drivers\etc\hosts.txt

Filesize
12KB

MD5
8c53d1184bfbcbc0542f5e060d6addc8

SHA1
5f2aa4b0e92827f98b38cdef235b342b1b1ab2fe

SHA256
fa3978f9ceeb846b2f3f948b59b9461a209a44c1b5b0566cc5d7948e8cb7a426

SHA512
94c3d9aec1bbf945bf7f62d817dba08aa83a47c0dd982454e1fde28aae6c64a8d1c4f13df36babd5cab0bd57fd96ea9f62d52496f1b742ec49c6fb8c76c08c36

Download Submit