c79f2f6cd70358a2df2382bcb191aa6f22ba0d17d547e1e2c4350d0546c9be24

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118.exe
Size

14.1MB
MD5

c35b3b6eaccc5e4912c1555080dc76cb
SHA1

c1a2b32895b0d7ea25927d350e87bc6537d7685e
SHA256

c79f2f6cd70358a2df2382bcb191aa6f22ba0d17d547e1e2c4350d0546c9be24
SHA512

2b1c031915ab714a2bfa8d6e1c6e28fd35ca6650e776ce585d5196261bbb5347994f48009cf39f2cde48dd7cbd2b8baf90d530ec52da5ae51251e422789baf64
SSDEEP

393216:2vxV/QEoCv8ESxOmi6XmaGnPTOna6mefoehwnDBBDO:uV/QEbAX4rOna3myvD

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2420	c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118.exe
2420	c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118.exe
2420	c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118.exe
2420	c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118.exe
2420	c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsqC823.tmp\InstallOptions.dll

Filesize
14KB

MD5
714e0ecd29f9ec555f350f38672726c7

SHA1
555b1492e782d7a30f280f2aecb64c642c1aaad3

SHA256
21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3

SHA512
ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqC823.tmp\StartMenu.dll

Filesize
7KB

MD5
28052e87fc73e2aad1db2db35eba62e7

SHA1
72e4c599b45605e36aa5fe7b39caf1eba531328f

SHA256
ca0b34b6d8ea4638f620f250539301164b6a300f679b96e22a0b1f03f5e56440

SHA512
7759923e6c29a43dedee73ae0540d47b33a2861d6f3c0520deb90d068978494dbf01dde2974413699b2008306dbd753bdefdb5a78d4745d064ad6a5a3163fed2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqC823.tmp\System.dll

Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqC823.tmp\ioSpecial.ini

Filesize
687B

MD5
d12e782f5fb1dbae8bb5b2acf4a2ae95

SHA1
a7e7ed56eb55728770aa0b45637c88a54dfcfe27

SHA256
03ebdb430ffccd20609fec5621cde190c99fed8bc7e7b314b522350479cf1253

SHA512
d33beb0a0b415ad3a6f7675e72875c47b8d01f968c72f69417ad06d60586572625f5c050d5c025dbcbba53027243adf5daa8fab77793d200f29c3628054acede

Download Submit