88e6926483429d26ff92654a1c9f1977d30c577654cad7e733e4d916413f6b96

Analysis

max time kernel
104s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
Size

15.1MB
MD5

8d08d410e92bb112cff5dcc9707c637c
SHA1

1099feb83a927497f1f5500e0503d761e837d3fa
SHA256

88e6926483429d26ff92654a1c9f1977d30c577654cad7e733e4d916413f6b96
SHA512

aca4166a240e2d3a54ad3a75c05cc72a6bde4d67e7490aedd226c94667c6b63523b992aa5fc5dda73e8da0fc87571b8e143d5cabfa87b09abb8b2c7d51ed3fae
SSDEEP

393216:lwUN2fk34EjfYob8H+KzpyruFDJgb26M0jhWlk:lwnBQY48HCuFDJW2Book

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
5584	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
5584	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8d08d410e92bb112cff5dcc9707c637c.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsh7EC6.tmp\InstallOptions.dll

Filesize
12KB

MD5
1e8f2fefe3ce893b117b26948b8978cb

SHA1
59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab

SHA256
8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519

SHA512
b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh7EC6.tmp\System.dll

Filesize
10KB

MD5
10c44246d99a1c2e5f5e6b52b111a63d

SHA1
0f41da79c3e789f4ae38738e3a5d73c538f8af4f

SHA256
7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8

SHA512
e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh7EC6.tmp\ioSpecial.ini

Filesize
577B

MD5
982966ee98b35361ee4b79353480e5ac

SHA1
fdacadf0ba8c229928342cf0b6ce071f2da26403

SHA256
4aff05a6067b65e89459c0f20a22abb3665f7cc01c33ad11b2c4f9389f1a1f2d

SHA512
30d28483c34826e9e6c3ec1a638cec9d9c484e9a6a515a19f2069b0fe5bb8afff850a8487e0f85bdb98bb582e323ed821751a56efe68564aed9ea58d187fbac9

Download Submit