98636a367447b8fc1b4af409ab41d565f19af848afe411ebcb3121c27f1d5154

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25-07-2024 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70bb22c6a1054cd15d012bc4fa529b24_JaffaCakes118.exe
Size

240KB
MD5

70bb22c6a1054cd15d012bc4fa529b24
SHA1

423d17de49fdeffbe1bad727abc4af9e4a163e21
SHA256

98636a367447b8fc1b4af409ab41d565f19af848afe411ebcb3121c27f1d5154
SHA512

b0434ae1518bbaeabca5deeb6e0fea7efc29988871e236669b49593e84c2f70e669624871b4dcfb6112fd661bd082463f679249775b8efbd5897e6e9d91f658b
SSDEEP

6144:udkzyL3keSTR/G0aTBq/EnpsJHninW358L3Ko:ugyL3k9pG5Ts/jhninW353o

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2536	70bb22c6a1054cd15d012bc4fa529b24_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	70bb22c6a1054cd15d012bc4fa529b24_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2536	70bb22c6a1054cd15d012bc4fa529b24_JaffaCakes118.exe
2536	70bb22c6a1054cd15d012bc4fa529b24_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2536	70bb22c6a1054cd15d012bc4fa529b24_JaffaCakes118.exe
2536	70bb22c6a1054cd15d012bc4fa529b24_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\70bb22c6a1054cd15d012bc4fa529b24_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\70bb22c6a1054cd15d012bc4fa529b24_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\CSMB52C.tmp

Filesize
156KB

MD5
c30ad91fe7b1e7acaf391f4a66af6f06

SHA1
693467a271674cc45ea11bc805f66401fd04959a

SHA256
f0341a98b30386571ca83b24dac64534619727e13271a50a3d23f5287a3a3dcb

SHA512
f1ee9a93748b8dead511e6490b3752429fa8fb78987cd273b51379a5f021b0c917b514c4f8c0da6543efbf8637736043fb8d4e05fc3727165183ab6cec790e44

Download Submit