86e0e4b2c9473aeae7ca4711a396252a751166bb245be24edd58d7e7ef3a8d68

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54d2646c71b857096427352f600a1f8e_JaffaCakes118.exe
Size

204KB
MD5

54d2646c71b857096427352f600a1f8e
SHA1

559a3633c79a4ff05ca1a846b3734fd58f01fb28
SHA256

86e0e4b2c9473aeae7ca4711a396252a751166bb245be24edd58d7e7ef3a8d68
SHA512

2f9b064423860352ce6fb3e0ab9484b1f17cb2e6b365a9bf3fc005deb15c6ec373846d876dbaafdad38d0de586d3fd011e29bc0d7442ccfaa8d22fe1b63259c4
SSDEEP

6144:SQ59e5QiAoARZPOiEb3kJaRLK6pJ/hl4m:n5UyiaLPOiEbSaxbhlZ

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3148	54d2646c71b857096427352f600a1f8e_JaffaCakes118.exe
3148	54d2646c71b857096427352f600a1f8e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	54d2646c71b857096427352f600a1f8e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\54d2646c71b857096427352f600a1f8e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\54d2646c71b857096427352f600a1f8e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsyB4AC.tmp\InstallOptions.dll

Filesize
14KB

MD5
eca460272800136da217dff3c8953df0

SHA1
64e9ec022913d66b58ab5a8dbbfe7dd35d077824

SHA256
fd74339ffd5a66781a333005f065a3978ca7916cc56e73ec9598262c72a33ff8

SHA512
f92ccca98551fde68db761f58ac36e76319dde137dd0cff80f0f67f473412000ffba774074416e6907049c6b4c71ccbc853c33f4e489ba2b4f50badc2739b747

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB4AC.tmp\LangDLL.dll

Filesize
5KB

MD5
eee580dbb537d88bc0a454e7fff0449a

SHA1
f93b6d982ce8cfd76be9653731dbdc58cd42dac8

SHA256
7e904bb840e2cac3305b4e057c9f90253a45b9dcf82b13e2622f98c4b38f1c8b

SHA512
85c3356091eb527ea88a8e18dd3da739864c770466756e2600cd09903f2f61d12a223fe84ba95a58e034812fe2df4964781ecb90570cbc96a808aa75f81bd80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB4AC.tmp\ioSpecial.ini

Filesize
690B

MD5
4afdaa1ab04c65109d0a7c92986c3f0d

SHA1
b6bc40582e7168cb54871a5e8a2ab1b8e323d761

SHA256
9a642e48bc3312345f104d81ab8e554ed2bb2fefa72c7b9e8258de3fed82679c

SHA512
6d97d7b049de0de84a20c7f06a2591157c2f881125af9ceaff424c7993d21bdbc96f98a292d9aeb6172a8148d4cd2d655496a01527122dc8a5185889fab7fb65

Download Submit