12cf577f28f1bddbc96b40de20be0f42faab16f2aecdfd9dcc6df79a9025689a

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
09-02-2025 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe
Size

395KB
MD5

ca3bc83026fe6cccc8c4b9b9e7c83e05
SHA1

e1b586d543fb5a75c013065c3be4f57c60847e5d
SHA256

12cf577f28f1bddbc96b40de20be0f42faab16f2aecdfd9dcc6df79a9025689a
SHA512

1e0e63fd33dafd30a581722b053b90ee51f50bc677690f2b0071f4028a42e2d3daf8c9b9b2621872877cf81d62b82113c78a963d539bc761386bc498b1a779ad
SSDEEP

3072:fLom2NoEjXIAphpXQoeOSlaA++reGLomxLomxLomVr85CZr85CZr85CZr85C:f0NvjYAzztUTTD9191919

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
31	2944	Process not Found

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SumitSoft.ini	JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2612	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3456	JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3456	JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3456

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDlDNzU0REQtRDk3RS00N0VELTgyOEEtRjI4NjY0NkU5Q0U4fSIgdXNlcmlkPSJ7MjI4OEI2NEQtMzRERC00Njc4LUE4MzUtRTNCOERBQUY2QjQ2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NDM4REI3REUtMjgxNi00QzA2LThBQTctQTRENkFDNDI4MjUxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDcxNzgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTY4MDM3MTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTg0OTk5MTg2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SumitSoft.ini

Filesize
111B

MD5
2f732b9fcadc01b23f2edb663418359c

SHA1
13e9d58cb07162c075754c582117b3560b4dc053

SHA256
18c968935d04d8c4f53cb3908febf0a7fe70b33644617d5a39e5ac7c6385f65b

SHA512
e10aa16d2c8d19fbdf44ee5cc48fa409e6efac89d982bcd688b65bd5bff6e139c7e0a9404f0c32d1dd13f726f39357ded00958f2a639fdca20128e5229b26fdf

Download Submit
C:\Windows\SumitSoft.ini

Filesize
27B

MD5
e554983eec1b93e09eef485c3c3968d3

SHA1
6afc3a817ff3b4beca46719aa7b25ec755678aea

SHA256
4c446f2a131b9ca99166d9faa3a71e926697f3cd75c2b36e01e76798e8de3534

SHA512
5b7c33310e0b9045491b53e5389e83cd60f3ad0ad6be5e63fc74f917dd87469c221782370144cd6ad8b67f61590bafba94f21211862f94ad0c06c0295bb6e00d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads