Analysis
-
max time kernel
142s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
11/08/2024, 12:18
General
-
Target
8a54e122362701c3f3d1b9dd8a2edbbc_JaffaCakes118.exe
-
Size
111KB
-
MD5
8a54e122362701c3f3d1b9dd8a2edbbc
-
SHA1
2f56a3890a8d2b026518d492809967d41014f7df
-
SHA256
eacd7cd4f9b1f28afa82a96f10e5ecbb21d14f8147a1178bc1fe931c477d5f87
-
SHA512
f93260cea2b351a1d7b7894a1e70c8dd442631348acbc6d287954e67c5c728320078aaae335b48d6e88742711fc3e57ee4cd122d6c2c374b3968ad9b765cbf39
-
SSDEEP
3072:oJO7k0YVw4dAQciis4p1vIm9/OfwBpNf4IG45NIx5AZU09ozpLo2JEPN6:NDIAQcDs4p1vIsOfwBpNf4IG45NIx5A6
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8a54e122362701c3f3d1b9dd8a2edbbc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8a54e122362701c3f3d1b9dd8a2edbbc_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Service Loader\exHelper.exe"C:\Users\Admin\AppData\Local\Temp\Service Loader\exHelper.exe" in2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
111KB
MD590f6eddc776e48b2fdfab3034ae9ff5e
SHA11f37033f4f25a20649501710fdec8fb07f679bc9
SHA2565b3ce3e4510a73e52f0290454ae578525eef76f91b1deebdd8b37a0655d4bcaf
SHA5125c30717021552c08bb241baabbccac6e05f6ba54b20d0b5b89605e9e22cbe5af27e10e6b9865c06f7c094a1c9dbca587a39ab71246fbfb2ac6e529335d099901
-
Filesize
140KB
-
Filesize
140KB