2c5cd2d437ada29d7134a086bb52906956ee4c425fc6b0e92f1d3d876711082b

Analysis

max time kernel
116s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 20:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

68de3a8caf928ebfb59a1b6ee08fefdb_JaffaCakes118.exe
Size

242KB
MD5

68de3a8caf928ebfb59a1b6ee08fefdb
SHA1

4062f2feab0ec36f97628d99a1535ea28efb4627
SHA256

2c5cd2d437ada29d7134a086bb52906956ee4c425fc6b0e92f1d3d876711082b
SHA512

071756f1937dce32594fab91cdf6787c9e7195f09979dc433757109e331b71b41c9aa2dae2706e507f0a5817ef6f9052de4f76959d62e00945e6e624aff80721
SSDEEP

6144:uV4KpQ0ZNZ8QMgOAFqUu7FqQACexn8mYBmx5a0IB+9u:uVjZNZlOyqB7szC4Imx1s+9u

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2040	68de3a8caf928ebfb59a1b6ee08fefdb_JaffaCakes118.exe
2040	68de3a8caf928ebfb59a1b6ee08fefdb_JaffaCakes118.exe
2040	68de3a8caf928ebfb59a1b6ee08fefdb_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	68de3a8caf928ebfb59a1b6ee08fefdb_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2040	68de3a8caf928ebfb59a1b6ee08fefdb_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\68de3a8caf928ebfb59a1b6ee08fefdb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\68de3a8caf928ebfb59a1b6ee08fefdb_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\INSTAL~1\BB1251BE\cfg\1.zip

Filesize
140B

MD5
ea8eef7d26ecc45b6a56c5ecdb494d42

SHA1
fd621efeb3a6649e0a7ed0a178fa51be3d5d7e1e

SHA256
1af29706d2a6b604a0e552114f17bb1789014da70e98d6cf05af542bafaca04f

SHA512
12aea78e33d411033ab3fb235f17013161d32c52c3a9b29e76c03dfe1c7ff97b39daadb9a02904923fb1fac0000a910dca2c692d949a8fa83620d09c0df62252

Download Submit
\Users\Admin\AppData\Local\Temp\BB1251BE\_Setup.dll

Filesize
117KB

MD5
1c28622dac4f2c0bdbcf4237e3f25b9c

SHA1
9ce1a210c89494decbedcd3f8745cb0b3cbaeb64

SHA256
2d2822ef07899681d72ff8cb8db9607cec77ff12aeb4635c95a4f45457daa1ce

SHA512
c123efd18ba0164fbffa19d682c3b58c6498b7019e943447c2cda7e6046e85b34dcbbcc3ec159fd2ac2f4d546786ffe830fe7ed9f4fd7c71c304831af40a0392

Download Submit
\Users\Admin\AppData\Local\Temp\BB1251BE\_Setupx.dll

Filesize
20KB

MD5
6ddd743e090ba0a5f5106f54fd92a45d

SHA1
86c6ffbe1198563457bb79a731b1b8deb7b9f480

SHA256
0b0566e8b68a1d1b28a11c9868705a4c72ec8619a3749346b30169cf16b0e9d1

SHA512
966644b1e08fdeb2623f70e9f77793868758531c9d606bb2ee452ea469ab1d1c159495c7022d9abc5bd3e67468fc3c3559b2991022fb9a7335cb80b6e41ee597

Download Submit
\Users\Admin\AppData\Local\Temp\Tsu-07F8.dll

Filesize
246KB

MD5
e671c2b76207304be7b9b601ea91773c

SHA1
1e801677f242467cecb3a4fa148a9acf6485c49b

SHA256
3cf077afb7ff0d7f7e9c7039c05c2d19c50d50941a73f4245093856ca8d2405f

SHA512
e2b7821b3fad3f24f644a75f7edee5bda4eae70a5ec6a9bb33bc52d5704bae77b81ef222ce65292ddc29a2a2322f81fb4ed9f74e730b8f9366b083717be94026

Download Submit