28f5488c86c001493b2d2a744ce95ab91e715f7340879f1cb270231a4f0170fc

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

685329624efaab2aed5961cb1155f543_JaffaCakes118.exe
Size

24.1MB
MD5

685329624efaab2aed5961cb1155f543
SHA1

85a5cd5cc93df202d63c3fee7a8b6e971636eb2b
SHA256

28f5488c86c001493b2d2a744ce95ab91e715f7340879f1cb270231a4f0170fc
SHA512

e6eb331a19231e14ba846f253d9b5d3e324d975386d11221edfe5191bd40fbb5ccc60fd41e99c0eca2aebd8a5cc4ffcffbed2cd4db6ccdb4dd98526daaba7faf
SSDEEP

786432:x401jr/ePirAOv5717h3dixTV/Ymh1XGaYddSTaZHH9Tt:x40lrGirAOZRh0xTVP4MGZn9p

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Loads dropped DLL 2 IoCs

Processes:

685329624efaab2aed5961cb1155f543_JaffaCakes118.exe

pid process

2336 685329624efaab2aed5961cb1155f543_JaffaCakes118.exe
2336 685329624efaab2aed5961cb1155f543_JaffaCakes118.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

685329624efaab2aed5961cb1155f543_JaffaCakes118.exe

pid process

2336 685329624efaab2aed5961cb1155f543_JaffaCakes118.exe

pid	process
2336	685329624efaab2aed5961cb1155f543_JaffaCakes118.exe
2336	685329624efaab2aed5961cb1155f543_JaffaCakes118.exe

pid	process
2336	685329624efaab2aed5961cb1155f543_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\685329624efaab2aed5961cb1155f543_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\685329624efaab2aed5961cb1155f543_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\9A1B04D4\_Setup.dll

Filesize
675KB

MD5
5c975fc0680a78c820b4024e48777dfd

SHA1
15834e8f3f14fac93aef9d340ded6c5a5d3e15a8

SHA256
cc167ac59a2a3d00346ed9f4b6e613b94c6d007ea4ea467deb2d8caed8620341

SHA512
56a508335b816c92806abef391b2f95da6878c00f332eb3547eebc6c157dc010c0ce07f5757476d3022f9a470cb8c8827fcecb8531b943699b99a931c7d324c2

Download Submit
\Users\Admin\AppData\Local\Temp\Tsu8D40CFFE.dll

Filesize
322KB

MD5
3352fbc6a7eb113dd9649b63a9d04526

SHA1
66c2e30d1ada08f790b933d8e1018e7018b1ceac

SHA256
b9ce2d67ed331f75c866a1f8d8f0af1c0d970168b5a5e74833031faec41208f1

SHA512
c1b6d67ef2c9abe4bbdb4e880dae90d6195414ab34ddf01e12c6f41ccc893af115ac047534328293fec3ab6561c8fa3fc9a05cc770785bb29eee2504a4a9027d

Download Submit