bad67fd572003e65ef6b608aaffbfc229da7eb39a1cead617a4e1f6d837d97c9

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88693093436c03b2a1fbe0d897a8255a_JaffaCakes118.exe
Size

20KB
MD5

88693093436c03b2a1fbe0d897a8255a
SHA1

8bff167fe80f1d82e4bda7de9461dec6dc90b360
SHA256

bad67fd572003e65ef6b608aaffbfc229da7eb39a1cead617a4e1f6d837d97c9
SHA512

a0cfaef26d35b828ed1704df73cb0d2127684ef4d88eceac7f1399ee2c8d0c243ce05e494f365cb276b2d73cd3a43e8c5fcc84ed990043cfd80b9f16985443dd
SSDEEP

96:/lxBidGguUY9Z6r+UnWSQRZCr5izHG4pKJ4YEiSwoD9yEWGK2AEd2:/TyGBj9Z6BnWZZCFizpM4YEiED9yhEd

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	88693093436c03b2a1fbe0d897a8255a_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1848	88693093436c03b2a1fbe0d897a8255a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\88693093436c03b2a1fbe0d897a8255a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\88693093436c03b2a1fbe0d897a8255a_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\NT.exe

Filesize
505B

MD5
205f7139c5a843db9eb6cc2bfd3da3a1

SHA1
7c99aec76ae9cf75699655c15ed73be54d836019

SHA256
b717d043477bd87e27dbdc29001de14e9096df272f35fe10b026c442416f1c03

SHA512
821959466e93788e63e1513c7b93dcb3541ad4cc3c0abb9a5f3860d2086fee02677448b59d6b4c00acd845780ce672641d380ed46a4bad910ae64c51a08f8dd2

Download Submit