Analysis
max time kernel: 119s
max time network: 128s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 26-07-2024 02:44
Static task: static1
Behavioral task: behavioral1
Sample: 724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe
Resource: win7-20240708-en
General
Target: 724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe
Size: 163KB
MD5: 724d78445402cebed2b36c4f0609934b
SHA1: 41cfa8553ccbbbb0df19cf9c31d9728e8b798137
SHA256: d3af8b19ead0d0068700073844f3d650f0bd30db22cb4a552d378bb71c6133a3
SHA512: 90704e5071624a399dd582b5d1602f7cb0a38587d8e86a7cd93a7fcd3629c5ca5cd4f41daefc10e89813df368dca97b8b6f3f7fd6dc37e1a1e8d6b7b93533d10
SSDEEP: 3072:9yugHZpKjaHdOG6x0cj7GuokrVD3RLnTTrB9qltGXmNyKLIeVeUZj8N:XUuIQG547GhUPnrB9Z2NysIeAY
Malware Config
Signatures

ACProtect 1.3x - 1.4x DLL software (1 IoC)
Detects a file protected with ACProtect.
resource: behavioral1/files/0x0008000000018b7d-5.dat  yara_rule: acprotect

Loads dropped DLL (2 IoCs)
pid 2632  724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe
pid 2632  724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe

UPX packed (yara rule upx, 3 IoCs)
The same dropped file that matched the ACProtect rule, and its mapped image inside process 2632, also match the upx yara rule. The 0x10000000 base is the default image base of a 32-bit DLL, consistent with the dropped DLL being loaded into the sample's process.
resource: behavioral1/files/0x0008000000018b7d-5.dat  yara_rule: upx
resource: behavioral1/memory/2632-7-0x0000000010000000-0x000000001000F000-memory.dmp  yara_rule: upx
resource: behavioral1/memory/2632-12-0x0000000010000000-0x000000001000F000-memory.dmp  yara_rule: upx

Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Process 724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe opened (read-only) the root of each of these 21 drives:
\??\E:, \??\G:, \??\H:, \??\I:, \??\J:, \??\K:, \??\L:, \??\M:, \??\N:, \??\O:, \??\P:, \??\Q:, \??\R:, \??\S:, \??\T:, \??\U:, \??\V:, \??\W:, \??\X:, \??\Y:, \??\Z:

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  by 724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses (1 IoC)
pid 2632  724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe
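The two discovery heuristics above ("Enumerates connected drives" and "System Language Discovery"), implemented as detection logic over event lines in the same shape as the report's IoC tables. This is an added example, not code from the sandbox or from the sample; the input line format mirrors the tables above, the five-drive cut-off and the acceptance of any ControlSet spelling are assumptions, and the sample input is constructed.

```python
"""Re-implementation of two behavioural heuristics from the report over report-style
event lines. Added example; the input format and the threshold are assumptions."""
import re
from collections import defaultdict

# Event shapes copied from the report's IoC tables (assumed to be the only two we see).
FILE_OPEN_RE = re.compile(r"^File opened \((?P<mode>[^)]+)\) (?P<path>\S+) (?P<proc>\S+)$")
KEY_OPEN_RE = re.compile(r"^Key opened (?P<path>\S+) (?P<proc>\S+)$")

# A drive root in NT object-manager form: \??\X: with nothing after the colon.
DRIVE_ROOT_RE = re.compile(r"^\\\?\?\\([A-Za-z]):$")
# HKLM\SYSTEM\<control set>\Control\NLS\Language in kernel path form; any ControlSetNNN
# or CurrentControlSet spelling is accepted so the check survives a different host.
NLS_LANGUAGE_RE = re.compile(
    r"^\\REGISTRY\\MACHINE\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\Control\\NLS\\Language$",
    re.IGNORECASE,
)

# Assumed cut-off: the report does not state how many non-C: roots the sandbox requires.
DRIVE_THRESHOLD = 5


def parse_events(lines):
    """Yield (kind, path, process) for lines in the report's IoC format; skip the rest."""
    for raw in lines:
        line = raw.strip()
        m = FILE_OPEN_RE.match(line)
        if m:
            yield "file", m.group("path"), m.group("proc")
            continue
        m = KEY_OPEN_RE.match(line)
        if m:
            yield "key", m.group("path"), m.group("proc")


def analyse(lines):
    """Per process: the distinct non-C: drive roots it opened and the two verdicts."""
    drives = defaultdict(set)
    language_read = defaultdict(bool)
    processes = set()
    for kind, path, proc in parse_events(lines):
        processes.add(proc)
        if kind == "file":
            m = DRIVE_ROOT_RE.match(path)
            if m and m.group(1).upper() != "C":
                drives[proc].add(m.group(1).upper())
        elif kind == "key" and NLS_LANGUAGE_RE.match(path):
            language_read[proc] = True
    return {
        proc: {
            "drives": sorted(drives[proc]),
            "enumerates_drives": len(drives[proc]) >= DRIVE_THRESHOLD,
            "language_discovery": language_read[proc],
        }
        for proc in sorted(processes)
    }


SAMPLE = "724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe"

# Constructed input: six of the 21 drive roots the report lists for the sample plus its
# NLS key read, next to a benign process that only touches C: and D: and a line in a
# shape the parser does not know (it must be skipped, not crash the run).
SAMPLE_LINES = [
    rf"File opened (read-only) \??\V: {SAMPLE}",
    rf"File opened (read-only) \??\W: {SAMPLE}",
    rf"File opened (read-only) \??\J: {SAMPLE}",
    rf"File opened (read-only) \??\R: {SAMPLE}",
    rf"File opened (read-only) \??\U: {SAMPLE}",
    rf"File opened (read-only) \??\N: {SAMPLE}",
    rf"File opened (read-only) \??\C: {SAMPLE}",
    rf"File opened (read-only) \??\C:\Windows\System32\kernel32.dll {SAMPLE}",
    rf"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language {SAMPLE}",
    r"File opened (read-only) \??\C: explorer.exe",
    r"File opened (read-only) \??\D: explorer.exe",
    r"Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion explorer.exe",
    r"File created C:\Users\Admin\AppData\Local\Temp\x.dat explorer.exe",
]

if __name__ == "__main__":
    for proc, verdict in analyse(SAMPLE_LINES).items():
        print(proc, verdict)
```

Against real telemetry you would feed this Sysmon or ETW file and registry events converted to the two line shapes. The threshold is what keeps it useful: backup tools and installers also touch a few drive roots, while sweeping every letter from E: to Z: in a single process, as the report shows for this sample, is not something a benign program does on a host with one fixed disk.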
Processes
1. C:\Users\Admin\AppData\Local\Temp\724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\724d78445402cebed2b36c4f0609934b_JaffaCakes118.exe"
   PID: 2632
   - Loads dropped DLL
   - Enumerates connected drives
   - System Location Discovery: System Language Discovery
   - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
Filesize: 20KB
MD5: 233c4d2d6c78482f69e7a5e4208c732d
SHA1: 33ee43b5c8dd1a6e4eef594b1129ae6520f6df47
SHA256: dc3dd45734dae86ea184754183bcda623d25e871760d9313c0c8cf4401d131d9
SHA512: 3929b040293779d025045b938dc31723def165a7ed2c0d2de3961e9a8907cfb10708db640b8dd0637f526fcf501142e448a1aaed91829ee9a97d43b24da22a2b

File 2
Filesize: 20KB
MD5: 8885590be20dec972df9a79d6b4693f6
SHA1: 3a690b8d695f81a0d3ca7869ab830d853748e70c
SHA256: 160cca4ee96178d06e7f5b0f272d422cda2cd8550b7119a307f67fa60341aa11
SHA512: 480ba22b872ecfc47bfb93b631b8c40ad2d63f1e2530b04f7691a91ffea6ec0c8881030b916159086bef990edb00787cd1b7c15651ec14d80cdaefbd8be0151c