5bcb3ad77dba9f9a27271fa4c435577dde8da512705c72aabe356cc717b3e781

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70a7dc761fc013c1cf5f4bddc175aef4_JaffaCakes118.exe
Size

1.3MB
MD5

70a7dc761fc013c1cf5f4bddc175aef4
SHA1

cd06f0a0f614b81555b449572e8a24358593d622
SHA256

5bcb3ad77dba9f9a27271fa4c435577dde8da512705c72aabe356cc717b3e781
SHA512

d014abe0ae76464f2838ee233ac0f6f711c23846a6ccd441963796fd482441a6edbe5fe4b7eee882c5d9ee205c265cb14310bfdfb86e5f3492595e7577ff2281
SSDEEP

24576:U1WNQ5y5Zfdvo5kTqPC7oWwAFpsnKVOXDIBXprU+iqJiNt/22KEPrsz414Akjeej:U1PUZfdAPCyKVOTi5rSt/2p214Aqeo

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2436	70a7dc761fc013c1cf5f4bddc175aef4_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	70a7dc761fc013c1cf5f4bddc175aef4_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2436	70a7dc761fc013c1cf5f4bddc175aef4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\70a7dc761fc013c1cf5f4bddc175aef4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\70a7dc761fc013c1cf5f4bddc175aef4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsdA1BC.tmp\ioSpecial.ini

Filesize
698B

MD5
96709d8500858fc4ff9dd359f2134179

SHA1
e9ebf5dc69410ee838ee1fdae97ac6b3255dae0d

SHA256
6c5a43d7f6c076a26cdf82c12341cec207846a02e5d539d421892d641692ca73

SHA512
2327e87c30d612952534714d0fd3d70d8f9a327a2b980ed3b806762ddda5df0dc16619a1577b67cea8e5ada4131ce0a6d23785961ed80bb0a807c6e6893f99a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdA1BC.tmp\ioSpecial.ini

Filesize
737B

MD5
316032c412023fbdf68e06d698d8db2a

SHA1
e6a0d2fe192227be9d48737a5027fa67059b1425

SHA256
fa2441202eab7c91d74233740a7fb7fbd76bf6856d4b77488de6f07a9f5929b8

SHA512
218d7c04a7f3490e4ed7a39f8317dbb9c3fe0070bb44f5da47ab3713c1278b2b190d315d34a670722366f45e7bac1bc5762bbb6c39ae344d7bea60834ae0d95d

Download Submit
\Users\Admin\AppData\Local\Temp\nsdA1BC.tmp\InstallOptions.dll

Filesize
12KB

MD5
444e1109d960c307df0ca2b33a24731b

SHA1
55e3b57d06128911ed4af44858d199d9b1945edc

SHA256
b3ba181120cd5b57e2cd5435bbd64c3257f7525ade359f89554e93f466692125

SHA512
9efdb45ee0eae73c24d3f01ff799160090f2b1f0f28ee8da3af52992fec220bf905070ce5a6cc1b5657642440ad29c22bc6889cd3ee1f674a908a935dcf4c2a8

Download Submit