41f8177b4b441a17e91bdcb6f4d95cc0673cf8e71ee522f30cf5e4a44e28b0fe

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-08-2024 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87689098c31b845fa5dc1eb6b8d47bde_JaffaCakes118.exe
Size

2.7MB
MD5

87689098c31b845fa5dc1eb6b8d47bde
SHA1

557ad8b249b8a7a2f9a4472bd4d13e29e871ff3b
SHA256

41f8177b4b441a17e91bdcb6f4d95cc0673cf8e71ee522f30cf5e4a44e28b0fe
SHA512

cc4b901d5b0e414162092dee3e331c7c060c9d3ecff5171c0ef3485ba679416ebe3ddebb18c71802781147d60a592686a6d6e624fc8e2500f2fb0a1028847053
SSDEEP

49152:vksstMWSafMBZh4kAN0I/L+VDVTEeFGYH3EvmrPlxgDSQl1+RmIVe2X1uLY:vqTSSMDH4zmVTEeFGYH0+rP3gnn+3VJh

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1532	87689098c31b845fa5dc1eb6b8d47bde_JaffaCakes118.exe
1532	87689098c31b845fa5dc1eb6b8d47bde_JaffaCakes118.exe
1532	87689098c31b845fa5dc1eb6b8d47bde_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	87689098c31b845fa5dc1eb6b8d47bde_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1532	87689098c31b845fa5dc1eb6b8d47bde_JaffaCakes118.exe
1532	87689098c31b845fa5dc1eb6b8d47bde_JaffaCakes118.exe
1532	87689098c31b845fa5dc1eb6b8d47bde_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\87689098c31b845fa5dc1eb6b8d47bde_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\87689098c31b845fa5dc1eb6b8d47bde_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\A2451303\e1051557.dll

Filesize
278KB

MD5
17bddadca7044cc7b8406f1ca45210df

SHA1
d74c5236542f4ddbb50cd113dedcd05aa9861ca9

SHA256
4406dc1789f1ebdbfebb7796719d21dcce2250f3a0a07f204cfd0b4f93725f6c

SHA512
1abf4e41912e18b77f7e0ea7ce98e0a5760a554cf79c78dd8ccaf04589fc02579b0fbb5a822acf2d098c2362b778821b1e5e870a55cba5834566a723c0716d50

Download Submit
\Users\Admin\AppData\Local\Temp\A2451303\q1066618.dll

Filesize
4.1MB

MD5
d69561d19635feb9a242da3b01f44001

SHA1
78fe5b04974eb0212437b5621f146277265a92dd

SHA256
0580ad00dfe7c08e77c8f7865dd3555f82c80f8f312df20b6c10b412b3f2f0a1

SHA512
e766b7931b7ca07fffb771e24f34f3abaff7033f98b23043e991fc10cd5c50f6e886a384a68da470850e3f6ba8f25b5e2564486a515b253954b0773bd4552a2a

Download Submit
\Users\Admin\AppData\Local\Temp\nsd8F74.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
memory/1532-24-0x00000000028F0000-0x000000000293F000-memory.dmp

Filesize
316KB

Download
memory/1532-17-0x0000000002B90000-0x0000000002FA4000-memory.dmp

Filesize
4.1MB

Download
memory/1532-58-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1532-76-0x0000000002B90000-0x0000000002FA4000-memory.dmp

Filesize
4.1MB

Download