b4a800a83fc781eef191caf98d118726a85d91c61d1a8e8e815bdcd2c1c43e53

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 07:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
Size

875KB
MD5

390d4aa93b388ad008ffdaf806b1a95c
SHA1

f2c6933b0136fb9c91aa3333da77e1ad5a9d8357
SHA256

b4a800a83fc781eef191caf98d118726a85d91c61d1a8e8e815bdcd2c1c43e53
SHA512

cd275f846ff63c2e2a4bfe4153f82c979b98c01e265f4fa70000193d3e86b8d03aea6a544752f5b3283f5434c7c09806d93a79e0b964bc4f31c4b73a01fff223
SSDEEP

24576:UANd8pxgnm/3YF0bNrAFgLRnxcAs3r9H5m:U86pxgnm/31prAFgdps3ZH5m

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000f000000023a69-10.dat	acprotect
behavioral2/memory/548-13-0x0000000074F20000-0x0000000074F2A000-memory.dmp	acprotect
behavioral2/memory/548-94-0x0000000074F20000-0x0000000074F2A000-memory.dmp	acprotect

Loads dropped DLL 16 IoCs

pid	Process
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000f000000023a69-10.dat	upx
behavioral2/memory/548-13-0x0000000074F20000-0x0000000074F2A000-memory.dmp	upx
behavioral2/memory/548-94-0x0000000074F20000-0x0000000074F2A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
548	390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\390d4aa93b388ad008ffdaf806b1a95c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\ButtonEvent.dll

Filesize
4KB

MD5
55788069d3fa4e1daf80f3339fa86fe2

SHA1
d64e05c1879a92d5a8f9ff2fd2f1a53e1a53ae96

SHA256
d6e429a063adf637f4d19d4e2eb094d9ff27382b21a1f6dccf9284afb5ff8c7f

SHA512
d3b1eec76e571b657df444c59c48cad73a58d1a10ff463ce9f3acd07acce17d589c3396ad5bdb94da585da08d422d863ffe1de11f64298329455f6d8ee320616

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\License_IT.rtf

Filesize
9KB

MD5
0a99211080937fbe34c9a2c145c2e6ea

SHA1
3860576dd35eb583a6e650d4503c7753c2212328

SHA256
e9cde2a690d8a6b5039340e2d93d0364a6d2ac338e7161ebb205e64b78189458

SHA512
242e40a8cfc85b0a1efa2af5a97c60334a8ac1b72c955e5882e75e70d0b91ef5d0aa4b641e226876e88b840664259a33552bff775c7b2656f14cca2f71f02675

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\ThreadTimer.dll

Filesize
3KB

MD5
c43953f463c22e048e45b402d190e77d

SHA1
b4a5e6567bed3c783af030df9418f91a7bac3040

SHA256
4e2a7c511e0f2ef46ac9002e0666f058ea5a4657371f086e2e4797393ee2fbf2

SHA512
18facd89f3dc55826b7aa0c02b8fdf3a1e6741850e4d9c264fb095e9da7956f6a4d331655ef00862948397d1a3f99d15243d03ef09c145a39c3b9a0c2ef4c974

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\TkInetc.dll

Filesize
172KB

MD5
8777f46e35ab035d4b526377d9a7097b

SHA1
9780ff9145be4aa7a912e6dbaaf7d781316b9adb

SHA256
d5bb2ebaac75a1588f00cea3d35faea0e5a3c7c319785406315cda2d4a52bb47

SHA512
131d6d9de492d55dc55df396a5153119bcb1c09c723abf009d8a7ef3cc71244b51f7ac1715bf7bc23c9b94ac661c255cd7a30e97267295ce060487705395128c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\TkNsweb.dll

Filesize
59KB

MD5
c6731fd774db4835a5763afd404a50eb

SHA1
c6b20b36631b513ca8647d952b95469b77d2ac24

SHA256
23861a8828cedc363baa54760766c01fdd9e1414073ca1148ff9a19ca818b13a

SHA512
c3eca3f693f4ff6b078e0708c70156f2184708f0e07d40f3cd54dd24556ae6e010a89b9bfb777f4131f0d0ee0f87d79015e7eb8f0b2606fa156d846dd581e197

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\nsArray.dll

Filesize
6KB

MD5
7b42ce0bb387ae8a452136da404bf6b0

SHA1
1d9a116d55be1beb0089e392d5ae342e2bffa8a4

SHA256
af19101a9303306e7bb8c3ddb7f1174e43b9b8ef969e78b504545ed6afe42fb7

SHA512
c50d4a172af361d2978d4204afb712581ffe558950b775e8f0a9fa29e6e8d2076e603fae5417358dceee30c4d4906d8d2dfb4879028818f0f303b8c21f2f6032

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\utils.dll

Filesize
60KB

MD5
ae97029e01393cb7ba395504c49d9fe2

SHA1
247b4e1b4100b8ba426fe8957b9de3f32b1bbaee

SHA256
eff23a5d372e18b5647ab812e7600eaa84a893ce64f72c96e02592b96f93866b

SHA512
5bdb06feeeb8ec51a760e804678ed9d67b7622466b40004d6ff4304d6e3e2b5c3dd6a377ce71a025b5658865f826c97069219c0a763ba28ba01d0127949fbc51

Download Submit
memory/548-39-0x0000000010004000-0x0000000010005000-memory.dmp

Filesize
4KB

Download
memory/548-61-0x0000000005090000-0x00000000050A4000-memory.dmp

Filesize
80KB

Download
memory/548-38-0x0000000002A90000-0x0000000002A91000-memory.dmp

Filesize
4KB

Download
memory/548-71-0x0000000005590000-0x00000000055A0000-memory.dmp

Filesize
64KB

Download
memory/548-13-0x0000000074F20000-0x0000000074F2A000-memory.dmp

Filesize
40KB

Download
memory/548-80-0x0000000005820000-0x0000000005851000-memory.dmp

Filesize
196KB

Download
memory/548-94-0x0000000074F20000-0x0000000074F2A000-memory.dmp

Filesize
40KB

Download
memory/548-96-0x0000000010004000-0x0000000010005000-memory.dmp

Filesize
4KB

Download