55b6ae69111e87ac59d1ea234bfc0de8f739d9abcf1a38ef62ace55fef4ad9de

Analysis

max time kernel
135s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2024 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118.exe
Size

4.7MB
MD5

8a62c2375b7b9bf1ebd5ed6c09f5eb3e
SHA1

0f27a932e026222efef2c212a37fbb525e77dac9
SHA256

55b6ae69111e87ac59d1ea234bfc0de8f739d9abcf1a38ef62ace55fef4ad9de
SHA512

367d6231fa740ac4c10505793732c17accf56b63ec9ad68808c4aad3ff1f7d86eca37df6e298342aa380ffd4164715795569005f454ae8f1ddb2da896d6e91f2
SSDEEP

49152:MRoXaD05HWZjHdeLbBSmPo2L9uVTc0V6RHCSHG:ixDOW8BSXRVIz

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes11864.exe

pid	Process
2396	8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes11864.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118.exe

description	pid	Process	procid_target
PID 1340 wrote to memory of 2396	1340	8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118.exe	84
PID 1340 wrote to memory of 2396	1340	8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Users\Admin\AppData\Local\Temp\8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes11864.exe
  "C:\Users\Admin\AppData\Local\Temp\8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes11864.exe

Filesize
1.1MB

MD5
b9c88291f79fad80792ea0ee7232fe85

SHA1
0405cd2e791f5e7d9c4bf54bc6553f31f2ea5c81

SHA256
6800cb4895d9775db85695c44e2112341ab5ee6e1173ff710a643b70c07b26ce

SHA512
59f5f1642823ae500e8a62999b6e396d1519020e36b41f6b8e9bfcaffda0406776b948d77de8f6fca10be94be24513706adfba3ed8989b62b5a17330121efaca

Download Submit