87f564e5365b16026cda769dd1a4c81ca4cc729f1ec11a2de6a4b8a5bf603568

Analysis

max time kernel
141s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8a55a4606de742c012ad903946faac81.exe
Size

437KB
MD5

8a55a4606de742c012ad903946faac81
SHA1

5e8d236c2109c7afe37b0cad500ea939998fc45f
SHA256

87f564e5365b16026cda769dd1a4c81ca4cc729f1ec11a2de6a4b8a5bf603568
SHA512

3d8f85e8b9a5833d6836cd0905338dcdf0cf4f77c311905a63530f45b3a4cf060c2451ff2967613975ddd1b6d28039b56798025750723a59e50e8cae6aa30668
SSDEEP

6144:X1b1OBsinPQktNSWN5wZyGZSCvbIyAOYMTwjIVS2i98gWNlPTGQQm6agrdM3SQ:X1CnP/tNSWN0lM45Twj2S2dNtTirdOS

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2992	system ide

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system ide	JaffaCakes118_8a55a4606de742c012ad903946faac81.exe
File created	C:\Windows\uninstal.bat	JaffaCakes118_8a55a4606de742c012ad903946faac81.exe
File created	C:\Windows\system ide	JaffaCakes118_8a55a4606de742c012ad903946faac81.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8a55a4606de742c012ad903946faac81.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	system ide
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	system ide
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	system ide
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	system ide
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	system ide
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	system ide

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2292	JaffaCakes118_8a55a4606de742c012ad903946faac81.exe
Token: SeDebugPrivilege	2992	system ide

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2992	system ide

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2408	2992	system ide	90
PID 2992 wrote to memory of 2408	2992	system ide	90
PID 2292 wrote to memory of 1296	2292	JaffaCakes118_8a55a4606de742c012ad903946faac81.exe	96
PID 2292 wrote to memory of 1296	2292	JaffaCakes118_8a55a4606de742c012ad903946faac81.exe	96
PID 2292 wrote to memory of 1296	2292	JaffaCakes118_8a55a4606de742c012ad903946faac81.exe	96

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a55a4606de742c012ad903946faac81.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a55a4606de742c012ad903946faac81.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1296

C:\Windows\system ide
"C:\Windows\system ide"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system ide

Filesize
437KB

MD5
8a55a4606de742c012ad903946faac81

SHA1
5e8d236c2109c7afe37b0cad500ea939998fc45f

SHA256
87f564e5365b16026cda769dd1a4c81ca4cc729f1ec11a2de6a4b8a5bf603568

SHA512
3d8f85e8b9a5833d6836cd0905338dcdf0cf4f77c311905a63530f45b3a4cf060c2451ff2967613975ddd1b6d28039b56798025750723a59e50e8cae6aa30668

Download Submit
C:\Windows\uninstal.bat

Filesize
218B

MD5
215c4662e12a0279eb1452b68f07dc94

SHA1
1715cf369ed58e393352f7473982154e23690ad0

SHA256
9f7372e9c24d15bb313a6a611c6d0009f9b71d063de7541746536bfa2fc9c9eb

SHA512
2ee2878c74125bb6a5cccff13daee4f43f4d6cc92e27bd8c9779d2c7c0eeb237f1c5121da836b79628be87deb5f2fead890d93f00add8f896e5022f38292cb11

Download Submit
memory/2292-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2292-1-0x00000000022E0000-0x0000000002323000-memory.dmp

Filesize
268KB

Download
memory/2292-4-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/2292-37-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/2292-36-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/2292-35-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/2292-34-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/2292-33-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/2292-84-0x0000000002EF0000-0x0000000002EF1000-memory.dmp

Filesize
4KB

Download
memory/2292-83-0x0000000002960000-0x0000000002961000-memory.dmp

Filesize
4KB

Download
memory/2292-82-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/2292-81-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download
memory/2292-80-0x0000000002F00000-0x0000000002F01000-memory.dmp

Filesize
4KB

Download
memory/2292-79-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/2292-40-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download
memory/2292-77-0x0000000002EC0000-0x0000000002EC1000-memory.dmp

Filesize
4KB

Download
memory/2292-78-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

Filesize
4KB

Download
memory/2292-76-0x0000000002ED0000-0x0000000002ED1000-memory.dmp

Filesize
4KB

Download
memory/2292-75-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/2292-74-0x0000000002EB0000-0x0000000002EB1000-memory.dmp

Filesize
4KB

Download
memory/2292-73-0x0000000002E80000-0x0000000002E81000-memory.dmp

Filesize
4KB

Download
memory/2292-72-0x0000000002E90000-0x0000000002E91000-memory.dmp

Filesize
4KB

Download
memory/2292-71-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/2292-70-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/2292-69-0x0000000002E40000-0x0000000002E41000-memory.dmp

Filesize
4KB

Download
memory/2292-68-0x0000000002E50000-0x0000000002E51000-memory.dmp

Filesize
4KB

Download
memory/2292-67-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/2292-66-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/2292-65-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/2292-64-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/2292-63-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/2292-62-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/2292-61-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/2292-60-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/2292-59-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/2292-58-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/2292-57-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/2292-56-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/2292-55-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/2292-54-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/2292-53-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/2292-52-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/2292-51-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/2292-50-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/2292-49-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/2292-48-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/2292-47-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2292-46-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/2292-45-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/2292-44-0x0000000002940000-0x0000000002941000-memory.dmp

Filesize
4KB

Download
memory/2292-43-0x00000000027F0000-0x00000000027F1000-memory.dmp

Filesize
4KB

Download
memory/2292-42-0x0000000002800000-0x0000000002801000-memory.dmp

Filesize
4KB

Download
memory/2292-41-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/2292-32-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/2292-31-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2292-30-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/2292-29-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2292-28-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/2292-27-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/2292-26-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/2292-25-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/2292-24-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/2292-23-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/2292-22-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/2292-21-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/2292-20-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/2292-19-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2292-18-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/2292-17-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/2292-16-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/2292-15-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/2292-14-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/2292-13-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/2292-12-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/2292-11-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2292-10-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2292-9-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2292-8-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2292-7-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2292-6-0x00000000024C0000-0x00000000024C3000-memory.dmp

Filesize
12KB

Download
memory/2292-5-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/2292-3-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2292-2-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/2292-86-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2292-85-0x0000000002F30000-0x0000000002F31000-memory.dmp

Filesize
4KB

Download
memory/2292-91-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2292-92-0x00000000022E0000-0x0000000002323000-memory.dmp

Filesize
268KB

Download
memory/2292-95-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2292-96-0x00000000022E0000-0x0000000002323000-memory.dmp

Filesize
268KB

Download
memory/2992-90-0x0000000000D50000-0x0000000000D93000-memory.dmp

Filesize
268KB

Download
memory/2992-89-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2992-98-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2992-99-0x0000000000D50000-0x0000000000D93000-memory.dmp

Filesize
268KB

Download
memory/2992-104-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download