685203b3fa3692b79319d1757e177fde0ffde3421a8cb256b8985daf2a1f4a0c

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2024, 02:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

45593114d1f82983def9f9850326d486_JaffaCakes118.exe
Size

1.0MB
MD5

45593114d1f82983def9f9850326d486
SHA1

595f4cc7d73b98037987468e92f3ef49c8efafde
SHA256

685203b3fa3692b79319d1757e177fde0ffde3421a8cb256b8985daf2a1f4a0c
SHA512

efd91d595049aa50c680eb3da9918b0e9f0515cc9457967d96b6667ce8493f3d03af99c2a9d6807568b34c9787bdc05ab0c5de55fd5de0484a0370449c1e971a
SSDEEP

24576:yyd0ZgChkC9K2qe6Ir9OAbr9HRWHpeI6FUPeLOzza0UEp:yw0ZgCXQ0DLrBmfg

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45593114d1f82983def9f9850326d486_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3268	45593114d1f82983def9f9850326d486_JaffaCakes118.exe
3268	45593114d1f82983def9f9850326d486_JaffaCakes118.exe
3268	45593114d1f82983def9f9850326d486_JaffaCakes118.exe
3268	45593114d1f82983def9f9850326d486_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3268	45593114d1f82983def9f9850326d486_JaffaCakes118.exe
3268	45593114d1f82983def9f9850326d486_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\45593114d1f82983def9f9850326d486_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\45593114d1f82983def9f9850326d486_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240619468\bootstrap_53675.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240619468\css\main.css

Filesize
5KB

MD5
70910c3d3e0fe4e9a0c649032b4150d2

SHA1
1048de52b3ce7e27357556fb88eb1d001ce6fe7f

SHA256
682416bd93bee4b57642d36b99928a16e5ce1289b5d9117f8a85e0c1614350c9

SHA512
b35a5461a68e8ee08dc09ac6156a27d9b563a591a127cd031f50b357b0148c57f8e9f14aad8ba7335feed5933cd635077ae533cc94c09457d59cc94863b88bcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240619468\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240619468\images\BG01.jpg

Filesize
25KB

MD5
71c80dde59856b701903b2fc0f91b075

SHA1
10265b56b1db49ec524b6832e14b0b4f08f26e1a

SHA256
45a11c15657eafada47d1b40f23ad47a067b6882c45f7d2e1754305aba40db4e

SHA512
35bc4a16852e589e3654f50dd2822e8310cc3f9287f95a7df6d8756af6e461822123d134aff7190c40bfed5545400b0dc9d30f70126750e0c45fb3d9902738d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240619468\images\Close.png

Filesize
809B

MD5
1c6138108b31f0ad1c8f22f6f569f6de

SHA1
d6f3a9b3af755183b8fad5e00a3f00c81053d66a

SHA256
8b07d29151a7af1ff97f312e972e1609c50890cf0787c3b9e860bae853321040

SHA512
b539d67d669af93c22b33c431473a310bb983e4979caed6a74bf1993cd949714f42aad157c3357e2cfac2cfbffb6c3fda9d6e7e4089fdca8996d5b752c571901

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240619468\images\Color_Button.png

Filesize
1KB

MD5
eda0f9fe2914bc66f4ad4861f6db1a1f

SHA1
ad525e4558276d81b52c2fc8b6d09352a270ee1c

SHA256
e325ce8afd3f60969a3465d0a221d2f023e1c4fa88a48b551328ab715c5bb8fb

SHA512
ac7bd622f6a1eae051e29f59f8010d44ca3293aa89549b0e2575655cb8e21012517f5c3cfc0f73ef3b48dff78c84ec79d51cc3c8cc7e5e6cf16ece2c6e9aece2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240619468\images\Gray_Button.png

Filesize
1KB

MD5
02931901ed9381a0ac04384ddc55a8ae

SHA1
fe447aff5155d46dfde8570caa1c5b2e30b7a2c7

SHA256
216cf446b17585d388b1105409c8c24aa962e6ab1f660d6959c7f8ffcf6aa103

SHA512
03c89f7918058b4013b1ca9151a7be314a0ba2bc02cc56961e6a6fde8fb516b84ec37268644f8bba730f64073e3e6d15e404912c4d3e85a5a5e1d2df2badf29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240619468\images\ProgressBar.png

Filesize
1KB

MD5
b6e30cf41d44ec03cdf9cb05c622f8e3

SHA1
885ac809976d64dd7fafe92df4cb615521766ed3

SHA256
342b0b36ee6c9922fcb6f1add3cf46b5e41dc2d0fd8572481467dcc3c05c27dc

SHA512
522717ef48698f5dd3985a0477608bee6dfd0d2344e573301112461f83c0ee5fbe530b99e001e61ab1d76817d7ad32219ea9c8a7d39f95599a5e358903bf0b53

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240619468\images\ProgressBar_element.png

Filesize
236B

MD5
95cbac4dc07f686c45f154a394e67869

SHA1
8fdca7e090767be4e422371fb0dbf03b4ad8352e

SHA256
3e12544469963fbeaeb1a7bc9de7026bcf639bf17c3ae424b2e4809058578a5d

SHA512
6d99ff303b6da5ec950894d93a7baa82a328aa517e461a2d8a625f9728afbc03116bbdedbdde9b61abedc203b2c64ce2fba2bbd86dc4099f391c931e6f5225a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240619468\images\loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
memory/3268-123-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-129-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-121-0x0000000000401000-0x00000000004C6000-memory.dmp

Filesize
788KB

Download
memory/3268-122-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-0-0x0000000000401000-0x00000000004C6000-memory.dmp

Filesize
788KB

Download
memory/3268-124-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-125-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-126-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-127-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-1-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-130-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-131-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-132-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-133-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-134-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-135-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-136-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/3268-137-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download