948227c17fb4dc4e165b0cc56f116c9fd22e3f1e58bb7234da6b69848d1339dc

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

441cf2e9ce7823e4ae394968236edec1_JaffaCakes118.exe
Size

308KB
MD5

441cf2e9ce7823e4ae394968236edec1
SHA1

54d3f33b272d1fa1f8907664574ec08f4ac3318e
SHA256

948227c17fb4dc4e165b0cc56f116c9fd22e3f1e58bb7234da6b69848d1339dc
SHA512

b7c0042e8593d33a67721abb4151df58166db4293f71ad50a335f8ff79bfcd823da622d89fe2eeb9a7886f56c25fa1a34d5d54caa3999d50c5094cc0047b0a93
SSDEEP

6144:fr+RI5RxWBDg7V0eXze6OvA487E3su7cRO9OUlDrx3G88PkAdgEPZ5yxlkSh:fr+RI3sBDJejgPyM7cROAUlPFG8VER5o

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4032	441cf2e9ce7823e4ae394968236edec1_JaffaCakes118.exe
4032	441cf2e9ce7823e4ae394968236edec1_JaffaCakes118.exe
4032	441cf2e9ce7823e4ae394968236edec1_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	441cf2e9ce7823e4ae394968236edec1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\441cf2e9ce7823e4ae394968236edec1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\441cf2e9ce7823e4ae394968236edec1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TsuA7683F58.dll

Filesize
269KB

MD5
73f84010494b1b9e4b478790bbd3d71a

SHA1
136f73ff2ccb0ca4a558f7b72f8d9641bf7ee7f0

SHA256
41a58310d5c51c6dea425a4dd7e79c7dea67be75915512990ac263ff8f6e02a0

SHA512
e57eddfb249597151e09c4aebd9d2d77239ce677cd47d944202ed2a2a68af042c7b0a9725c366414300647d11c3bdafe3f163c065b8b6c89efa56fc764ac2966

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D80F6A38-81A3-4104-A3EF-C98103EC48CE}\Custom.dll

Filesize
58KB

MD5
7cefc6cc05c85c03e380031e7b1aa9a9

SHA1
5d28768ac4bdd826cd94fad129cccf0b772e7be2

SHA256
09af7a06cc8f91d009cf3e23be4409db7ebf1988000f85e57f0bc95719ecf7a5

SHA512
4746c7568306d302b5a9459a380d837cdafdb79d70246b46a987f0d871f9f9bab6fac39482d5554b24b8fe3f4e7267444c4c59331feff3750c4ee372a0931482

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D80F6A38-81A3-4104-A3EF-C98103EC48CE}\_Setup.dll

Filesize
207KB

MD5
9473f38f101e1fdd74761481d4805083

SHA1
5d1bcad363d7c43929c0b8d78b38b52fed737f0a

SHA256
c9e100eb1275a039ef4de4c2a3a6445dfc7ffe7f4a1acc224470137181aeaed2

SHA512
c8b73a09b16bbad167a244ecd613fb4f9fc47972b19d11e3be373253ded77ece636851b34be281bfc81f7e66e7b7a8fb3edcf276fa6d92b9518f043d3a84612e

Download Submit