e2410771bc6ed470b150e83a849f9aaf5ff1a968ae4d1e82002c76b742290704

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c055bece3a6d7145b51bba93b05ec8c_JaffaCakes118.exe
Size

2.5MB
MD5

3c055bece3a6d7145b51bba93b05ec8c
SHA1

a250daac7ca9e1e43eef5004e6084983fe911a12
SHA256

e2410771bc6ed470b150e83a849f9aaf5ff1a968ae4d1e82002c76b742290704
SHA512

b172dc09cbc6f888db1a3a19642f7d7755af4f71f96df0ad42c88a0d556554a0ace5e6ba053caf7746f33e179a9486677b2a5250700a110d1250561d2bd3324f
SSDEEP

49152:gTP6XG2TDhrqUP6EW34xnrAprs+Y2c4ROFiWvvl5flcXa0YmlpLqJy6:gLw/hwEWeAi+RuTvLfcawlsc6

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3332	3c055bece3a6d7145b51bba93b05ec8c_JaffaCakes118.exe
3332	3c055bece3a6d7145b51bba93b05ec8c_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3c055bece3a6d7145b51bba93b05ec8c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3c055bece3a6d7145b51bba93b05ec8c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c055bece3a6d7145b51bba93b05ec8c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsoB557.tmp\InstallOptions.dll

Filesize
12KB

MD5
f407939127208a009b9a825cb77ed3c7

SHA1
051d7fccf3fb544acaa8ab6be590bb4bc79cef82

SHA256
191fab998e58b66a2416873b06062166b547eb3ba06b1326a4a785a566aaf76d

SHA512
d45d08823ac7667f071b21d238b7fda43115db3195a442cb17d880d147e8a930374403c970afc31f676f01a83fb9c63e3be047de7e16718a08a1fdbe4b690901

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB557.tmp\StartMenu.dll

Filesize
6KB

MD5
740bd475a180892e4cb98acc14cd360b

SHA1
f71ea3c855d3a0f96c3dd1a2776d21fa273833c6

SHA256
adf51f6f088f3bed7d88350cc77812d9c19a575ec0d477bbe6d744dd9cea06cc

SHA512
b8a51cd72acfdc3e589f5baa941537d4e51cfb6f73572f228651208aa89bcfd737beb7a8675e235fd0327a19516dbcd393fb8e6c5faee5a879cca28f46da840b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoB557.tmp\ioSpecial.ini

Filesize
688B

MD5
75a19d9db29c5f9fdf9ee3b1064445fa

SHA1
bc53c2c8fc4be8645cb732919055eb5904027c19

SHA256
e12db70694daa6f716ecf56f5e744fa1ab8edcb56785c90fb3f16052ff387ff9

SHA512
7809976fffe189b3bfbf060b9cacd1bcb34d2889489f535be45a0c915181acb588b690346abfc83a2d7fb36446ff68dd6bd93c95556a13b04511d22e2ee305a5

Download Submit