ae121ff88b1551ba1d727ef090938bdeeb04d87f96fb2cac0296bc01c17ded7e

Analysis

max time kernel
139s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2024 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45a58a0a0243efe43b063f2270807ec5_JaffaCakes118.exe
Size

482KB
MD5

45a58a0a0243efe43b063f2270807ec5
SHA1

148abc720d1d087196569ecabc48b80cc9c2bed5
SHA256

ae121ff88b1551ba1d727ef090938bdeeb04d87f96fb2cac0296bc01c17ded7e
SHA512

5889e0c9d3546d2b0655679f31ab9ad6a6f6688defd1a80f816718bf063bc6e1fe97b03b32ed73d9915c6f67c1d884548b0e085c743e4e8c3046bf51bd52528a
SSDEEP

12288:Iu3URWtsYf8PemjE8h0UxH9ND6fvhMrf1seW2/I:IkQe8PemjTh0Ul/8vh+qd

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
persistence privilege_escalation

AppInit DLLs
T1546.010

Executes dropped EXE 1 IoCs

pid	Process
3588	pxwpmqk.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\iekmvzc.dll	pxwpmqk.exe
File created	C:\PROGRA~3\Mozilla\pxwpmqk.exe	45a58a0a0243efe43b063f2270807ec5_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pxwpmqk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45a58a0a0243efe43b063f2270807ec5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\45a58a0a0243efe43b063f2270807ec5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\45a58a0a0243efe43b063f2270807ec5_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:852

C:\PROGRA~3\Mozilla\pxwpmqk.exe
C:\PROGRA~3\Mozilla\pxwpmqk.exe -ooxnawn
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Privilege Escalation

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla\pxwpmqk.exe

Filesize
482KB

MD5
560c45cc7f68d454804e11ddebc1d9df

SHA1
e89964ab0134a84a9ef95a01e3cc8af52fc8bd0f

SHA256
194646a632d364b54a895bd4811ed1dd96346dba9e32b79672064a717646f3ea

SHA512
82b6bee66dfc0fe4f0295646eb9ff1a96d396889fd5b3d5071d7b435128b0f698eddde496ac33b56f22536a1d47df08011fa19024deb71a8b9220dd36012d83e

Download Submit
memory/852-0-0x00000000021D0000-0x000000000222B000-memory.dmp

Filesize
364KB

Download
memory/852-1-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/852-7-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/852-9-0x00000000021D0000-0x000000000222B000-memory.dmp

Filesize
364KB

Download
memory/3588-5-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3588-6-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3588-11-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download