7c0f8e812eb1bc8bf80cb3a55a72adfc50eef194e7ca6ab0005bf3459866849f

Analysis

max time kernel
149s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe
Size

1.9MB
MD5

3aab6dca6d0372c1a130ebd5ce5d2816
SHA1

52ca1fe9887b90e506094c7d4393be0e68df2645
SHA256

7c0f8e812eb1bc8bf80cb3a55a72adfc50eef194e7ca6ab0005bf3459866849f
SHA512

9fe0a15ca99984e091f459279f443400fe5d98e9647bec9a937afa0700286b6bf12cd0372c162a2263fb790f8027248c9f1611d1f380a94a2486c882829a821d
SSDEEP

49152:khVSi9qvkUFw+zOn/2eN6ts/f7qIHuDJKAQV4bWNnVP:gMsUFw+CnOeNLqIO13cP

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4888	3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe
4888	3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe
4888	3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\InstallOptions.dll

Filesize
14KB

MD5
9b2ad0546fd834c01a3bdcbfbc95da7d

SHA1
4f92f5a6b269d969ba3340f1c1978d337992a62c

SHA256
7e08cb4ff81dbb0573c672301681e31b2042682e9a2204673f811455f823dd37

SHA512
5b374fe7cc8d6ff8b93cfcc8deae23f2313f8240c998d04d3e65c196b33c7d36a33930ffd481cdd6d30aa4c73dd2a1c6fe43791e9bf10bd71b33321a8e71c6b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\NSISArray.dll

Filesize
17KB

MD5
eafc4eb07d5527b374aa667ed663769e

SHA1
3ce4716bf95f4ee79c7ce8e8b57fc0e620c18fb8

SHA256
40800fc71777c8d4da8013ee9bccdba0dbca87aa064e188937aa565a10d859fe

SHA512
de2fbbf162ddabf4b7a854eaa9332a6277d7290f831355a11378934508bcd98504fbebb2a4aa74f59979966abc03dd06c451ba96c447b0eed47dd4cc62b7338d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\StartMenu.ini

Filesize
690B

MD5
2bb9a94f47564dec55ac9a6d8aa88c06

SHA1
957b3e1f1dc4737d333f71be9fefdc03f2ead2e1

SHA256
85999db4eba14c59119de2728d57a329f07ce337fae73851eebd3f97058d0536

SHA512
4f726b4dc07a183d81a14a65aad19421f64ef5f4d94134e5f11202710205b90e86e5fe1dcb3d9663f136ba8c4c7954bfd6ab67234c3c6d30e12313c7038e4604

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\StartMenu.ini

Filesize
722B

MD5
0942ad93b64fb62fe73e3746a8e87c0f

SHA1
f2b73f067a94d4633547e1b7bd4eb8ed25ee7815

SHA256
0ea218140e52f7b9ed124548dd33914b470414ebb80eac81fe18b2fbd7a848f8

SHA512
8b00d857e459d8f65936e1f77152c7728eb136c8608df9ce888f01c33670d2769c1a72752946c98d066e5fe3cc1cf3fb9231a83d1189d82618d3b40a09f37dfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\StartMenu.ini

Filesize
704B

MD5
4e4f31a4387488ecf3c57a7b8df605a8

SHA1
bb9fbe8bc288e7cb246f3aa185e498cbd35ca934

SHA256
ab32251f593bc1de39b963411ad93527d05136b2dcb358f01d56a3b81addc940

SHA512
f3006038cc25c51975ea477f7fa9a97f0982783ed429549bc1b7ed083aeefb7405313d450e93c48a8c14cf45fe37bf5a50ace4fd7547df6373cacf139eb3665e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\StartMenu.ini

Filesize
722B

MD5
e365779e89a372722ce0404ae8c74dd5

SHA1
78068a2707ae727093f812310ebba5b86c95fed3

SHA256
94917968aefb94ba63581e2a805b19e4ce155c888822dd627906b95a98b7b598

SHA512
5a7eb487763fdc1edbfd230ad6ce0c474620444b4aa324156f9ff9c03c55690ba348c3bb89fdfe1782893f275122a2b7adcdf7531b3aec68445e782b3dff2378

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\StartMenu.ini

Filesize
704B

MD5
978cd9b0ac9cc320ef9296b57dab6ed5

SHA1
085d0fc19a1ff8f53b4254ea77a3467073309980

SHA256
2b6c6b6c081ecc2145c4f2dcee3199d3d99272943c4f74eff1f7d1cc32d30dfb

SHA512
9b94078e985e3c08f0656793d3cb4baa8cd524b90732ee4e10bd62443416a367b1c5b26fd6063722cba64e16db4d135d5726393b3b2d9376a364893733d1a74e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\StartMenu.ini

Filesize
626B

MD5
684f2bbe867c120108bc7d035979236b

SHA1
a78f970c37431e770ddd372731e50be55bb20943

SHA256
0837b38dd5fb4dae5224d90f3071f45aacf5eb2fe597dea7f16ecfc017ddeb95

SHA512
1bc9ce93156b7823f4b64afa2fa9abe777f7540d8723b1a6b6f2b9a2ec3021dd55c8d404b67ff84b483385d8b2f2b5d5b530c325ac68a4e38a5d400a07316d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\header.bmp

Filesize
282B

MD5
15d1d76385ea28d20fd014a7668e2634

SHA1
8e11dd1df693932946ac9ee9b62dfd1908e6d49b

SHA256
9b6c0898883df9a014409da94e9f3bea6f197a2270afdb908a968f7bdfe01130

SHA512
701057d1f754a37fbad91b2c25a9318ed60d930b20f0f006c1796204fe724ef41bdf8e9b91481a9300b0c0f36f00391c4ff1763b468fdfd3ac317cf784b4b0f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\isWelcome.ini

Filesize
595B

MD5
a63eacb7917bef0cd295dbfc967b132a

SHA1
1e96c9cad8e43a45887bdd62c0fbbaebf64e1694

SHA256
903140af676b619815a396a0ff51bbac44cfbaaa901691120f3713102f657388

SHA512
32b414cfa9b12fd3a84a242cefdc3216b01d85dc9aeb99b91fcea324c078cdad7efbc48dac0a664531c55584b67dcc7bd78b1c149d679fa9053313e0f6f7b5da

Download Submit